UPDATE:- HTTPS/SSL is supported now for improved security
How is it secure when the miner is still using insecure HTTP to send the user and password?
You can only change any settings with the account password, which really should be different from your worker password (which is only used for accessing the API, getting work and submitting shares, so nothing bad can come of others knowing it).
I think it could be used to connect and flood in random hash values at a high rate as a denial of service attempt, but I am not sure that would be a preferred method of attack anyway. It would be nice if the account login wasn't part of the worker name, however. So, deepbit could implement a system where the user enters their desired worker name [say you have a rig called "saturn" on your network with three miners, and thus you want workers for saturn1, saturn2 and saturn3] and deepbit could create the worker with a unique name that does not contain your account name [i.e. 3xZy9!Q_saturn1]. That would at least make the accounts on the system not known as easily, and carries no overhead of connection encryption.
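
The naming scheme proposed in the post above, sketched as an added example (not part of the thread and not deepbit's code). The `WorkerRegistry` class, the label policy and the choice of a fresh 8-character hex prefix per worker are assumptions made for illustration.

```python
import re
import secrets

# Assumed label policy: no "_" allowed, so the prefix/label separator is unambiguous.
LABEL_RE = re.compile(r"[A-Za-z0-9-]{1,32}")


class WorkerRegistry:
    """Hypothetical pool-side registry: worker names never contain the account login."""

    def __init__(self):
        self._owner = {}      # public worker name -> account login (kept server-side)
        self._labels = set()  # (account, label) pairs already issued

    def create_worker(self, account, label):
        if not LABEL_RE.fullmatch(label):
            raise ValueError("label must be 1-32 letters, digits or hyphens")
        # A label that embeds the login would undo the point of the scheme.
        if account.lower() in label.lower():
            raise ValueError("label must not contain the account login")
        if (account, label) in self._labels:
            raise ValueError("worker label already in use on this account")
        while True:
            # Fresh random prefix per worker, so the names sent over plain HTTP
            # reveal neither the login nor which workers share an account.
            name = f"{secrets.token_hex(4)}_{label}"
            if name not in self._owner:
                break
        self._owner[name] = account
        self._labels.add((account, label))
        return name

    def account_for(self, worker_name):
        """Map a submitted worker name back to its account, or None if unknown."""
        return self._owner.get(worker_name)


if __name__ == "__main__":
    reg = WorkerRegistry()
    for i in (1, 2, 3):
        print(reg.create_worker("alice", f"saturn{i}"))  # constructed sample account
```

The pool still resolves each worker to its owner through the server-side map when crediting shares; only the on-the-wire name changes.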