Some questions on security

So if my understanding is correct I can deploy containers on servers run by farmers. They are all connected on a wireguard network that I set up. So not a p2p network, more of a p2p container hosting.

So say I want to host some website with a password login. How do you keep some random farmer from changing that site to send him a copy of all passwords when users log in?
Or if there’s no password they could change your service to host malware or something.

Or just steal my data from the container.

Am I missing some important part?

The container network is actually a private overlay network that runs on top of the farmer’s internal network. The farmer has NO access at all to any of the user’s network.

Therefore data is secure and only accessible to you via wireguard tunnel.

There is a decent write up on ZOS networking under this link,

I get the network part. But private keys (for his side of the WG connection) and the actual website/service are installed on his server. I understand it being more difficult to access a running container but far from impossible. Is there anything keeping him/her from manipulating or stealing the actual container data?

Just trying to understand how this is set up

The ZOS host (farmer node) itself is a blackbox to which there is NO access or entry points for anyone whatsoever.

Your website or services run within the container which again is a part of private overlay network to which there are NO ingress points from the public Internet.

As for wireguard private keys or any user information pertaining to access, most of that information doesn’t reside on the farmer node itself. It is remote to the node and maintained externally in the blockchain database (BCDB). Perhaps, @zaibon can answer it comprehensively.

Everything @abdultf said is correct. 0-OS doesn’t present any shell or connection possibility for the farmer, the node is fully autonomous and only applies the work that is registered in BCDB.

Now regarding the fact that farmers still have hardware access to the disk if they want, this is also true. And this is true for any public cloud provider today. So if you are using a container and storing data directly on disks, your application should most probably encrypt that data. This is good practice and sane practice for pretty much anything, not really something specific to the grid though.

2 Likes
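As an added illustration of the advice above to encrypt data before it reaches the disk (example code, not part of the thread and not 0-OS code): authenticated encryption covers both concerns raised in the question, since someone with hardware access to the disk can neither read the records nor alter them undetected. The function names, the `users.db` label and the way the key reaches the container are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Assumption: the 32-byte key is supplied at runtime from outside the node, never stored on its disk.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce||ciphertext||tag; label (e.g. a file name) is authenticated too.
func Seal(key, plaintext []byte, label string) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(label)), nil
}

// Open authenticates and decrypts; any change to the stored bytes or label is an error.
func Open(key, blob []byte, label string) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if n := aead.NonceSize(); len(blob) >= n {
		return aead.Open(nil, blob[:n], blob[n:], []byte(label))
	}
	return nil, errors.New("blob too short")
}

func main() {
	blob, _ := Seal(make([]byte, 32), []byte("user record"), "users.db") // constructed all-zero demo key
	blob[len(blob)-1] ^= 1 // simulate a change made directly on the disk
	_, err := Open(make([]byte, 32), blob, "users.db")
	fmt.Println("tampered blob rejected:", err != nil)
}
```

This protects data at rest only: the key and the decrypted data still exist in the memory of the running container.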

Thanks, that answers my question