codius / old-codius-cli

Codius Client Command Line Interface (CLI)
https://codius.org
Apache License 2.0

Suggestions on usability and security #67

Closed kruisdraad closed 6 years ago

kruisdraad commented 6 years ago

There is no ILP filtering, priority. If you have an upstream I don't trust, I can't prevent you from adding it into my routing table ... nor can I say this route is shorting with prio if I think mlab1 <-> mlab2 is better than using mlab1<->other to reach a peer

Please use the BGP / peering methods as an example. Also try to make the config generic so they are the same on both sides and have the plugin(s) figure out the best way to set up the connections

Also the moneyd sometimes shows 'connected', likely because the session is up ... but it's not learning routes (e.g. with payment channel failed). This gives false info. Also when restarting the moneyd admin GUI never starts if there is 1 single peer failing (same scenario of a failed payment channel, reproducible)

There is no way (haven't found it yet) to get into a pod, see what's running on it and do forensics; I can access the image filesystem though

There is no way to ban/block an XRP address from adding contracts; a malicious XRP address can send me a phishing website wrapped in a contract and keeps doing it unless I shut down the server

adrianhopebailie commented 6 years ago

> There is no ILP filtering, priority. If you have an upstream I don't trust, I can't prevent you from adding it into my routing table ... nor can I say this route is shorting with prio if I think mlab1 <-> mlab2 is better than using mlab1<->other to reach a peer
>
> Please use the BGP / peering methods as an example. Also try to make the config generic so they are the same on both sides and have the plugin(s) figure out the best way to set up the connections

These are not Codius issues. Please log against the Interledger project at https://github.com/interledger/rfcs/issues or https://github.com/interledgerjs/ilp-connector

> Also the moneyd sometimes shows 'connected', likely because the session is up ... but it's not learning routes (e.g. with payment channel failed). This gives false info. Also when restarting the moneyd admin GUI never starts if there is 1 single peer failing (same scenario of a failed payment channel, reproducible)

These are also not Codius issues. Please log against moneyd at https://github.com/interledgerjs/moneyd. Also please log as 2 issues (for tracking purposes)

> There is no way (haven't found it yet) to get into a pod, see what's running on it and do forensics; I can access the image filesystem though
>
> There is no way to ban/block an XRP address from adding contracts; a malicious XRP address can send me a phishing website wrapped in a contract and keeps doing it unless I shut down the server

Please log as 2 separate issues so we can track them. The more detail provided the better.

adrianhopebailie commented 6 years ago

> There is no way (haven't found it yet) to get into a pod, see what's running on it and do forensics; I can access the image filesystem though
>
> There is no way to ban/block an XRP address from adding contracts; a malicious XRP address can send me a phishing website wrapped in a contract and keeps doing it unless I shut down the server

On second thought these look like codiusd issues. Please log (as 2 issues) at https://github.com/codius/codiusd/issues