M5StackSats icon indicating copy to clipboard operation
M5StackSats copied to clipboard

Published 20 hours ago verified publisher icon arcbtc

Reduce Read Macaroon Permissions

Open geco91 opened this issue 5 years ago • 1 comments

Just to keep in mind .. there is no Admin Macaroon on the POS, just a Invoice & Read Macaroon. So if the device gets stolen or hacked, the funds on the remote LND are safe. But in such scenario the Read Macarroon would still allow the attacker to read much if the information from the LND node, that is not needed to do the POS job. The newer LND allows for much more specialized Macaroons .. so for the future it would make sense to look in what way the Read Macaroon can be more restrictive.

See links: https://github.com/lightningnetwork/lnd/pull/1160 https://github.com/lightningnetwork/lnd/blob/13b56d5849a9495ed11d6928665115e88cd1d9b0/rpcserver.go#L209

geco91 avatar Dec 01 '19 17:12 geco91

Good idea. Will look into it, thanks

arcbtc avatar Dec 21 '19 18:12 arcbtc