#133 Issue regarding the security of the LBRYNET

Open
opened 2 years ago by jyamihud · 1 comment

Problem

When the LBRYNET is running, it's running (usually) on the same IP/PORT configurations, which are default for most users. You can change these by going to the config files of the SDK, but the issue stays.

With a simple JavaScript, any webpage could access a running SDK and therefore access your entire wallet with all the publications, and do something nasty with them. Like, let's say, send all of your LBC to some malicious address.

On the other hand, if there is a wallet on the computer to begin with, malware that knows about LBRY could copy it over to some malicious people.

Solution?

In the SDK there is a feature of encrypting / decrypting a wallet. I think we have to expose some convenient way of interacting with this feature. And I'm talking here both for Terminal and GTK version. And perhaps other clients as well.

If it is possible to keep the wallet encrypted, it is best kept encrypted. If not, at least a switch to encrypt / decrypt should be present with a user-settable password.
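The encrypt/lock switch proposed in the issue above could look like the following client-side helper. This is an added example, not code from the issue or from FastLBRY. It assumes the SDK's JSON-RPC methods `wallet_status`, `wallet_encrypt`, `wallet_lock` and `wallet_unlock` and the default API address `http://localhost:5279`, none of which appear on this page; the helper names are hypothetical.

```python
import json
import urllib.request

API_URL = "http://localhost:5279"  # assumption: the SDK's default local API address


def http_send(payload: dict) -> dict:
    """POST one JSON-RPC request to the running SDK and return the decoded reply."""
    req = urllib.request.Request(
        API_URL, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def call(send, method: str, **params):
    """Call one SDK method; raise instead of silently ignoring an error reply."""
    reply = send({"jsonrpc": "2.0", "id": 1, "method": method, "params": params})
    if "error" in reply:
        raise RuntimeError(f"{method} failed: {reply['error']}")
    return reply["result"]


def secure_wallet(password: str, send=http_send) -> dict:
    """Encrypt the wallet if needed, lock it, and return the verified status."""
    if not password:
        raise ValueError("refusing to encrypt with an empty password")
    status = call(send, "wallet_status")
    if not status["is_encrypted"]:
        call(send, "wallet_encrypt", new_password=password)
        status = call(send, "wallet_status")
    if not status["is_locked"]:
        call(send, "wallet_lock")
        status = call(send, "wallet_status")
    # Re-check rather than trust the calls: the client should only report
    # "protected" when the SDK itself says so.
    if not (status["is_encrypted"] and status["is_locked"]):
        raise RuntimeError(f"wallet still exposed: {status}")
    return status


def unlock_wallet(password: str, send=http_send) -> bool:
    """Unlock for a spend; callers should lock again right after."""
    return bool(call(send, "wallet_unlock", password=password))
```

The `send` parameter exists so a client can swap the transport; by default the helper talks to the locally running SDK.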


https://notabug.org/jyamihud/FastLBRY-GTK/commit/2d52badc1853ea8a34cbb0768d85c153973ab547 This fixed the issue in GTK version