It would be interesting to get ANTPY and DyName implemented as NMControl plugins. This would help consolidate our code, make things easier for end users, and would allow the NMControl web interface to integrate with those features.
Khal seemed to have this in mind when he created NMControl, since the NMControl readme says "It will allow you to : create domains, alias and auto renew them".
However, the security issues should be carefully considered. Right now, an attacker who can access your NMControl RPC port can't do much damage -- he can get an idea of what domains you have access to, and he can DoS your NMControl instance by sending the stop command.
If we allow NMControl to issue new transactions, as ANTPY and DyName do, then we have to be a lot more careful about how we handle the RPC port.
Do people have thoughts on how this should be handled?
ANTPY and DyName as NMControl plugins?
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: ANTPY and DyName as NMControl plugins?
I'm also reluctant to agree here - while it would certainly be cool to make NMControl do those things, I like the idea that NMControl is "read-only". This helps both with security (as you mentioned), and also allows things like using an offline file instead of a running daemon as data source. (Or an API server, for instance.) This is another core idea behind NMControl for me.
If we decide to allow sending transactions from inside NMControl, this should at least be done in a separate "mode" and we should let the user explicitly decide whether to use the read-only mode with features like offline data storage, or whether they want to use the read-write mode and have made sure their installation is secure.
If we decide to allow sending transactions from inside NMControl, this should at least be done in a separate "mode" and we should let the user explicitly decide whether to use the read-only mode with features like offline data storage, or whether they want to use the read-write mode and have made sure their installation is secure.
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: ANTPY and DyName as NMControl plugins?
These are good points. I think it may be better to simply include ANTPY and DyName in a "Namecoin Bundle", which would also include Namecoin-Qt/namecoind, NMControl, FreeSpeechMe, and the NameID extension. Phelix and Indolering were talking about doing a Namecoin Bundle for a while, I guess it's not particularly problematic for end users for ANTPY and DyName to simply be distinct programs which are included in that bundle.domob wrote:I'm also reluctant to agree here - while it would certainly be cool to make NMControl do those things, I like the idea that NMControl is "read-only". This helps both with security (as you mentioned), and also allows things like using an offline file instead of a running daemon as data source. (Or an API server, for instance.) This is another core idea behind NMControl for me.
If we decide to allow sending transactions from inside NMControl, this should at least be done in a separate "mode" and we should let the user explicitly decide whether to use the read-only mode with features like offline data storage, or whether they want to use the read-write mode and have made sure their installation is secure.
That said, I'm still persuadable in other directions. Anyone else have thoughts on this?
Re: ANTPY and DyName as NMControl plugins?
+1 to more plugins for NMControl, e.g. ANTPY
+1 to first consider security implications
Though NMControl currently is only doing read-only it could also do write operations so I don't see the difference here.
Unlocking the wallet is a different issue. IIRC with ANTPY it is possible to manually unlock the wallet outside the script which might help in some cases (it is always easy for NMControl to detect an unlocked wallet).
Hmm... it seems NMControl is security relevant already now, even if it only regularly executes read operations so far.
+1 to first consider security implications
Though NMControl currently is only doing read-only it could also do write operations so I don't see the difference here.
Unlocking the wallet is a different issue. IIRC with ANTPY it is possible to manually unlock the wallet outside the script which might help in some cases (it is always easy for NMControl to detect an unlocked wallet).
Hmm... it seems NMControl is security relevant already now, even if it only regularly executes read operations so far.