electrumx icon indicating copy to clipboard operation
electrumx copied to clipboard

Published 20 hours ago verified publisher icon kyuupichan

white listing clients based on some deterministic ID (perhapd public key)

Open KanoczTomas opened this issue 8 years ago • 7 comments
trafficstars

Hello,

I see there is no option to white list some clients on the electrumx server. It would be nice to have a white list of clients who would essentially be connected even if the max session is reached. Right now I did not find any way of doing it.

I think using a deterministic unique ID per client would be the best, as the IP address can change. Perhaps a configuration directive (env variable) could be used for it + an RPC call to add it on the fly, without the need to restart the server.

Use case: the owner of the server will most certainly want to add electrum clients owned to the whitelist

KanoczTomas avatar Nov 02 '17 13:11 KanoczTomas

I also think it would be nice to allow server operators to access their own server even if the session limit has been reached. The suggested solution however would need major changes in both the client and the server.

A shorter term realistic solution is IP-based whitelisting in the server, and the server operator setting up a SOCKS5 proxy with user+password authentication at a whitelisted IP. The client already supports such proxy natively.

SomberNight avatar Nov 02 '17 13:11 SomberNight

Having recently set a lower user limit for one of my servers I too would like to see a whitelist option.

SuBPaR42 avatar Dec 19 '17 01:12 SuBPaR42

+1.

Not sure if IP whitelist will be good enough, what if you are roaming?

What about using "yet another" port with client certificate auth. or something similar? Although of course, having some "random" port is "security via obscurity"...

Talkless avatar Dec 24 '18 23:12 Talkless

Not sure how certificates work with electrumx, perhaps one could use a similar setup as with openvpn. It is possible to create a CA and sign certificates with it. Perhaps any client which shows a cert signed by a trusted CA could be whitelisted.

The ca.crt would have to be supplied for whitelisting to work.

KanoczTomas avatar Jan 02 '19 13:01 KanoczTomas

Not sure how certificates work with electrumx

Well, there's actually problem with Electrum wallet - it should have client certificate support for my proposal to work.. so that's out of the question.

Talkless avatar Jan 03 '19 09:01 Talkless

Both Electrum and ElectrumX use the aiorpcx library, and all three are open source. If someone actually takes the time to make decent PRs, I am sure they can get merged.

SomberNight avatar Jan 05 '19 09:01 SomberNight

Has anyone found a workaround for this for localhost (the only connection)? Or is setting the limit env variables to something crazy high the best way to achieve this when running local only?

davedavis avatar Dec 28 '21 01:12 davedavis