Insecure #116
Comments
|
Oh and btw: To crash the server just do |
|
I was just explaining this to @lgierth yesterday. It's definitely not ideal. The initial plan (which continues to be) is to use a libp2p node for the rendezvous point that will authenticate all connections and so, instead of you announcing yourself, the node will node who is the real dialer. |
|
@mkg20001 are you still running this? |
|
No but I might have crashed the server |
|
To fix it only 1 change is required: Add |
|
@mkg20001 wanna contribute with that change and a test for it? :) |
|
So @mkg20001 if I understand correctly from your code in https://github.com/libp2p/js-libp2p-websocket-star-rendezvous the problem is that the ID needs to be proven, or you can assume another node's identity. Wouldn't the leave endpoint need the same protection to protect against DOS attacks, as the discovery would give you all the IDs you need? |
|
Yes. WIll fix this in a moment. |
daviddias
added
status/ready
Took me 5 min to write. Redirects all connections. Catches all dials.
Because I'm not evil I stop redirecting. But I could do that forever.
The text was updated successfully, but these errors were encountered: