Post
Topic
Board Mining software (miners)
Re: Linux mining distro for the Raspberry PI - MinePeon
by Luke-Jr on 04/08/2014, 21:36:30 UTC
Just as a warning, the server code is starting to make its appearance in this release. The eventual outcome of this is that you will be able to go to https://mineforeman.io/ to manage your mining... at present all it does is erroneously tell you your mining rig is out of date though ;)
How do you plan to make this such that someone compromising your server cannot hijack every miner using it?

Good question. All of the normal security layers will be there: SSL certs, SSH private keys, firewalling, VPN, load balance front ends. I also have plenty of experience at running these things (my real life job is wrapping servers up in layers of security). Even the communication between the miner and the server will use key signatures (as well as SSL etc).

In the end though, as we well know from pools, exchanges and a myriad of other "things on the internet", if someone gets root, you're stuffed, and I don't think anyone who runs servers on the internet is going to deny that or say that their systems are unhackable.

It is also not going to be compulsory ;) By default it is not going to be on.

Neil
I suggest:
  • Open source the server side, and have the client side require a server configured.
  • Ensure everything works if *pool commands are disabled (or at least addpool, if the user wants to actually change pools via the interface).
  • Possibly accept direct access if the user wants to just forward a port.
  • Enforce secure passwords (using e.g. cracklib).
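
The second suggestion above, sketched as an added example (not code from this thread, MinePeon or any miner): a gate on the rig that refuses `*pool` commands arriving from the management server, so a compromised server cannot repoint the miner. The `{"command": ..., "parameter": ...}` request shape, the policy names and the sample requests are assumptions made for the example.

```python
import json
from fnmatch import fnmatchcase

# Policy names are assumptions for this example:
#   "strict"     - every command matching *pool is refused
#   "no-addpool" - only addpool is refused, so the owner can still switch
#                  between pools already configured on the rig
DENY = {"strict": ["*pool"], "no-addpool": ["addpool"]}


def check_request(raw, policy="strict"):
    """Return (allowed, reason) for one JSON request from the remote server."""
    try:
        command = json.loads(raw)["command"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed request"
    if not isinstance(command, str) or not command:
        return False, "malformed request"
    # Defensive assumption: treat "a+b" as several commands, so a denied
    # command cannot ride along behind a harmless one.
    for part in command.lower().split("+"):
        part = part.strip()
        for pattern in DENY[policy]:
            if fnmatchcase(part, pattern):
                return False, "%s refused by policy %s" % (part, policy)
    return True, "ok"


# Constructed sample requests (the pool URL is a placeholder).
SAMPLES = [
    '{"command": "summary"}',
    '{"command": "pools"}',  # read-only listing, does not match *pool
    '{"command": "switchpool", "parameter": "1"}',
    '{"command": "addpool", "parameter": "stratum+tcp://pool.example.invalid:3333,u,p"}',
    '{"command": "summary+addpool"}',
    'not json at all',
]

if __name__ == "__main__":
    for policy in ("strict", "no-addpool"):
        for raw in SAMPLES:
            allowed, reason = check_request(raw, policy)
            print(policy, "ALLOW" if allowed else "DENY ", raw[:40], "->", reason)
```

The gate fails closed on anything it cannot parse, and status reporting keeps working under both policies because read-only commands never match the deny patterns.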