This repository has been archived by the owner on Oct 4, 2019. It is now read-only.

Secure Build #17

Open
whatisgravity opened this issue Aug 28, 2016 · 0 comments

whatisgravity commented Aug 28, 2016

Supply a secure build alternative without all the short-polled price callbacks and Shifty (provides JS with no checksum checks or other validations), and if possible prevent any connections in Electron (specifically Chromium) to anywhere but localhost/127.0.0.1.

Once we determine what exactly needs to be changed to harden it, it will just be as simple as creating a script and adding it to the gulp build script.

So this allows people to have a significantly more secure GUI client with very little additional time invested.

I'm worried particularly about potential XSS attacks.

When trying to determine if I could limit the host range in Electron I found this article for those interested in the topic. This may do a better job of articulating the issue in the Electron context than I could.
http://blog.scottlogic.com/2016/03/09/As-It-Stands-Electron-Security.html
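
One way to approach the loopback-only restriction requested above, as an added example that is not part of the original issue or the project's code. It assumes the GUI loads its pages from `file://` and talks to a local daemon over HTTP or WebSocket; `isAllowedUrl` and `installLoopbackOnlyFilter` are hypothetical names, and the only Electron API used is `session.webRequest.onBeforeRequest`.

```javascript
// Added example, not project code. Hosts that count as "this machine".
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);
// Schemes that carry no network traffic (inline data, blobs, devtools UI).
const LOCAL_SCHEMES = new Set(['data:', 'blob:', 'devtools:']);
const NETWORK_SCHEMES = new Set(['http:', 'https:', 'ws:', 'wss:']);

// Decide whether a request URL stays on the local machine. Fails closed.
function isAllowedUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return false; // unparseable URL: block
  }
  // file://server/share/... is a remote (UNC-style) path, so require an empty host.
  if (url.protocol === 'file:') return url.hostname === '';
  if (LOCAL_SCHEMES.has(url.protocol)) return true;
  if (!NETWORK_SCHEMES.has(url.protocol)) return false;
  // Compare the parsed hostname, never a substring of the raw URL, so that
  // "http://127.0.0.1.example.com/" and "http://localhost@example.com/" are blocked.
  return LOOPBACK_HOSTS.has(url.hostname);
}

// Cancel every renderer request that is not loopback or local.
// `ses` is an Electron Session; `log` is an assumed hook for recording blocks.
function installLoopbackOnlyFilter(ses, log = console.warn) {
  ses.webRequest.onBeforeRequest((details, callback) => {
    const allowed = isAllowedUrl(details.url);
    if (!allowed) log(`blocked outbound request: ${details.url}`);
    callback({ cancel: !allowed });
  });
}

// Wiring in the Electron main process (commented out so the file also runs
// under plain Node):
//   const { app, session } = require('electron');
//   app.on('ready', () => installLoopbackOnlyFilter(session.defaultSession));
```

The filter only sees requests made through that Chromium session; code running in the main process with Node's own networking modules is not covered by it.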
