white listing clients based on some deterministic ID (perhapd public key)

kyuupichan / electrumx

Alternative implementation of spesmilo/electrum-server

Other

724 stars 733 forks source link

white listing clients based on some deterministic ID (perhapd public key) #303

Open KanoczTomas opened 7 years ago

KanoczTomas commented 7 years ago

Hello,

I see there is no option to white list some clients on the electrumx server. It would be nice to have a white list of clients who would essentially be connected even if the max session is reached. Right now I did not find any way of doing it.

I think using a deterministic unique ID per client would be the best, as the IP address can change. Perhaps a configuration directive (env variable) could be used for it + an RPC call to add it on the fly, without the need to restart the server.

Use case: the owner of the server will most certainly want to add electrum clients owned to the whitelist

SomberNight commented 7 years ago

I also think it would be nice to allow server operators to access their own server even if the session limit has been reached. The suggested solution however would need major changes in both the client and the server.

A shorter term realistic solution is IP-based whitelisting in the server, and the server operator setting up a SOCKS5 proxy with user+password authentication at a whitelisted IP. The client already supports such proxy natively.

SuBPaR42 commented 6 years ago

Having recently set a lower user limit for one of my servers I too would like to see a whitelist option.

Talkless commented 5 years ago

+1.

Not sure if IP whitelist will be good enough, what if you are roaming?

What about using "yet another" port with client certificate auth. or something similar? Although of course, having some "random" port is "security via obscurity"...

KanoczTomas commented 5 years ago

Not sure how certificates work with electrumx, perhaps one could use a similar setup as with openvpn. It is possible to create a CA and sign certificates with it. Perhaps any client which shows a cert signed by a trusted CA could be whitelisted.

The ca.crt would have to be supplied for whitelisting to work.

Talkless commented 5 years ago

Not sure how certificates work with electrumx

Well, there's actually problem with Electrum wallet - it should have client certificate support for my proposal to work.. so that's out of the question.

SomberNight commented 5 years ago

Both Electrum and ElectrumX use the aiorpcx library, and all three are open source. If someone actually takes the time to make decent PRs, I am sure they can get merged.

davedavis commented 2 years ago

Has anyone found a workaround for this for localhost (the only connection)? Or is setting the limit env variables to something crazy high the best way to achieve this when running local only?