search

ryankennedyio / ib-docker

Dockerized interactive brokers gateway
97 stars 26 forks source link

official sources #6

Open josefstr opened 7 years ago

josefstr commented 7 years ago

In the Dockerfile you load the installer from some third party sources. Shouldn't you load for security reasons from InteractiveBrokers servers instead? Checking the md5sum afterwards? RUN wget -q http://data.quantconnect.com/interactive/ibgateway-latest-standalone-linux-x64-v960.2a.sh

same is for ib-controller. Why don't you fetch it from github directly instead of quantconnect? RUN wget -q http://data.quantconnect.com/interactive/IBController-QuantConnect-3.2.0.zip

why do you install java8? Doesn't TWS and IB's Gateway come with a own java version delivered by IB? IB recommends using this java version instead of java8.

ryankennedyio commented 7 years ago

Hi @josefstr

Good point. Sadly IB doesn't host any version of their scripts except for the very latest, so it's impossible to create reproduce-able containers whenever IB releases a new version.

Not really sure what to do to be honest; on one hand IB doesn't even support what's needed, but the other hand we're loading scripts from 3rd parties over HTTP ...

@jaredbroad will data.quantconnect.com support https in the future?

jaredbroad commented 7 years ago

Its driven by S3 so sadly they dont support https endpoints for custom domains. We might be able to proxy pass it though.

We put it there to have a stable/pinned version with the matching container setup. Its painful but sadly required as they dont all play well.

QuantConnect now manages the IBController project so we'll make sure it stays hosted

sohailsomani commented 6 years ago

This makes it easy for a malicious actor on the QC side to hijack things esp since I presume QC prefers customers to use their hosted service and this may not be a priority. With lots of $$$ at stake, not sure that QC has a good enough threat model here but maybe it does. Note that I'm not saying QC is malicious, but a disgruntled employee can do whatever.

christian-oudard commented 4 years ago

The quantconnect link appears to be broken:

The command '/bin/sh -c wget -q http://data.quantconnect.com/interactive/ibgateway-latest-standalone-linux-x64-v960.2a.sh' returned a non-zero code: 8

jaredbroad commented 4 years ago

We didnt touch any of the bucket contents Christian. Should still work fine

On Thu, Aug 13, 2020, 7:05 PM Christian Oudard notifications@github.com wrote:

The quantconnect link appears to be broken:

The command '/bin/sh -c wget -q http://data.quantconnect.com/interactive/ibgateway-latest-standalone-linux-x64-v960.2a.sh' returned a non-zero code: 8

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ryankennedyio/ib-docker/issues/6#issuecomment-673842665, or unsubscribe https://github.com/notifications/unsubscribe-auth/AARDVGP4NXY74YFRNHTEWETSASLXRANCNFSM4C6JIE2Q .

jaredbroad commented 4 years ago

FYI these are all the versions we have cached; image