MyHush / hush

Hush is a fork of Zcash focused on secure communications
https://myhush.org

backend miner.myhush.org upgrades #18

Open leto opened 7 years ago

leto commented 7 years ago

Describe the issue

miner.myhush.org does not support SSL. To fully support SSL, we must support Secure WebSockets (WSS), which requires opening up new server ports, and new nginx configs and updating HTML/JS with relevant URL and code changes.

Additionally, the Perl code that is the dynamic part of the codebase needs to be made into a CPAN module, to be testable and trivially distributable via known-trusted channels like package managers.

Additionally, we need to be able to payout to N addresses with arbitrary ratios, to enable many use cases.

Can you reliably reproduce the issue?

Yes

Bounty

250 Hush

Expected behavior

miner.myhush.org has modern TLS security deployed and is able to ask people to input a taddr and then send a certain percentage of that browser tab's mining to their custom address.

Additionally, it is a CPAN module which reads in a custom config file, and is trivially installable on every server where Perl exists (just about every one).

Actual behaviour + errors

We use HTTP currently, which can be rewritten by evil network operators, and leaks metadata.

The version of Hush you were using:

All

sennevb commented 7 years ago

Would not be bad to enable TLS between nodes also.

lludlow commented 7 years ago

We could use wss:// instead of ws:// for TLS, but need to add that into the backend Perl.

leto commented 7 years ago

@madbuda yes, if we use https:// we must also use secure WebSockets (wss://) or mixed content errors will happen
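
The mixed-content constraint discussed above, as an added example that is not part of this issue or of the project's code: a browser-side helper that derives the Stratum WebSocket URL from the page's own scheme and refuses a plaintext `ws://` endpoint on an `https://` page instead of letting the browser block it at connect time. The function names, hostnames, ports and paths are assumptions made for illustration.

```javascript
// Added example. miner.example, port 8443/8080 and /stratum are constructed
// placeholders, not the project's real endpoints.

// Resolve the WebSocket endpoint for a page, enforcing the mixed-content rule:
// a page loaded over https:// may only open wss:// sockets.
function stratumSocketUrl(pageUrl, endpoint) {
  const page = new URL(pageUrl);
  // Relative endpoints ("/stratum") resolve against the page origin.
  const target = new URL(endpoint, page);

  // A relative endpoint inherits http(s) from the page; map it to ws(s).
  if (target.protocol === "https:") target.protocol = "wss:";
  else if (target.protocol === "http:") target.protocol = "ws:";

  if (target.protocol !== "ws:" && target.protocol !== "wss:") {
    throw new Error("unsupported scheme for a WebSocket: " + target.protocol);
  }
  // Fail early and loudly rather than silently rewriting ws:// to wss://:
  // the TLS listener may live on a different port than the plaintext one.
  if (page.protocol === "https:" && target.protocol !== "wss:") {
    throw new Error("mixed content: https page cannot use " + target.href);
  }
  return target.href;
}

// Browser-only wrapper: opens the socket once the URL has passed the check.
function openStratumSocket(endpoint) {
  const url = stratumSocketUrl(window.location.href, endpoint);
  const socket = new WebSocket(url);
  socket.addEventListener("error", () => {
    console.error("Stratum socket failed: " + url);
  });
  return socket;
}
```

Using a relative endpoint keeps the HTML/JS identical across the HTTP and HTTPS deployments, provided the web server proxies that path to the backend.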

leto commented 7 years ago

@sennevb just to be clear, we are talking about a webmining web browser here, which connects to a website to get Stratum jobs. The web browser is not running a hush node, so this is not a p2p thing, this is a client-server thing

lludlow commented 7 years ago

@leto should we move this to the webminer repo? FYI we also have https://github.com/orgs/MyHush/projects/2

leto commented 7 years ago

@madbuda not sure, because right now hush.git is the place where all bounties are listed. The project board is cool! :+1: