#133 Issue regarding the security of the LBRYNET

開啟中
jyamihud2 年之前創建 · 1 條評論

Problem

When the LBRYNET is running it's running ( usually ) on the same IP/PORT configurations. Which are default for most users. You can change these by going to the config files of the SDK, but the issue stays.

With a simple JavaScript, any webpage could access a running SDK and therefor access your entire wallet with all the publications. And do something nasty with them. Like, let's say, send all of your LBC to some malicious address.

On the other hand, if there is a wallet on the computer to begin with. Malware that knows about LBRY could copy it over to some malicious people.

Solution?

In the SDK there is a feature of encrypting / decrypting a wallet. I think we have to expose some convenient way of interacting with this feature. And I'm talking here both for Terminal and GTK version. And perhaps other clients as well.

If it is possible to keep the wallet encrypted, this is best to be kept encrypted. If not, at least a switch to encrypt / decrypt should be present with user-set-able password.

# Problem When the LBRYNET is running it's running ( usually ) on the same IP/PORT configurations. Which are default for most users. You can change these by going to the config files of the SDK, but the issue stays. With a simple JavaScript, any webpage could access a running SDK and therefor access your entire wallet with all the publications. And do something nasty with them. Like, let's say, send all of your LBC to some malicious address. On the other hand, if there is a wallet on the computer to begin with. Malware that knows about LBRY could copy it over to some malicious people. # Solution? In the SDK there is a feature of encrypting / decrypting a wallet. I think we have to expose some convenient way of interacting with this feature. And I'm talking here both for Terminal and GTK version. And perhaps other clients as well. If it is possible to keep the wallet encrypted, this is best to be kept encrypted. If not, at least a switch to encrypt / decrypt should be present with user-set-able password.

2d52badc18 This fixed the issue in GTK version

https://notabug.org/jyamihud/FastLBRY-GTK/commit/2d52badc1853ea8a34cbb0768d85c153973ab547 This fixed the issue in GTK version
Sign in to join this conversation.
未選擇里程碑
未指派成員
1 參與者
正在加載...
取消
保存
尚未有任何內容