Anything a pen tester can help out with?

This sounds like a question for @dirvine

Just hack it with all your creativity and resourcefulness.
Find any point(s) of failure, they’ll lead to improvement.

1 Like

Entirely agree with you.

3 Likes

FYI there are no servers in the SAFE Network. Alpha is running vaults on DigitalOcean droplets temporarily, but the end goal is to put the vaults on the computers of the users of the SAFE Network.

When it goes live it’s going to be even worse, because those nodes will be people’s home computers, which is a completely different ball game.

2 Likes

Exactly 😉

@ifindproblems please elaborate on this…

1 Like

Each OS and each user will have different levels of security. Now if they are not using a sort of VPN to tunnel all of the traffic, these computers will be exposed to the internet, and anyone with the IP address can just start picking them off. It won’t affect the network because of its design, but it may prevent users from installing it for fear of their computer being hacked.

1 Like

The same case could be made for HTTPS and WWW, but people use it anyways.

These are replies to questions below…

Reply to reivanen, as 32 post limit on first day (btw if someone could lift this that would be great)

It really depends on how the software talks to each other. Over the years OSes have been hardened to attacks that could come via browsing the internet.

Reply to mvanzyl: If there are no IP addresses, how do the servers know who to talk to?

And I’m not worried about the data as it’s encrypted, I’m worried about the clients’ computers.

If it’s written in C++ a buffer overflow exploit would not be hard whatsoever. But anyway, that’s a long way off.

@lightyear Hence why I wrote “IF”. Like I said, I’m new here, just trying to get my head round it.
@Nigel Thanks for your patience 🙂

Also if someone can get this post limit lifted I would be grateful, as it’s preventing me from asking questions.

Same is true every time you connect to a website or when you fire up a torrent client etc.

In MaidSafe only your close group knows your IP, so very few people from the whole network even have the opportunity. And even they don’t have a way to connect your vault to your persona online, so targeted attacking is impossible.

Edit: I run my vault in VirtualBox, so the IP you would get leads to the virtual machine. I see zero chance of you being able to do anything to my computer.

1 Like

The invitation stays open of course but I might wait till at least Test 8 on the 23rd this month or till the vault network is married back up with the alpha iterations.

There is no VPN used and there are no IP addresses (technically there are but not used in routing files around or discoverable in the network). The OS security doesn’t really matter as the data is stored in the vault. The vault security as I understand it should be the same on all OSs.

The only thing someone would be able to see on a user’s computer is that they have encrypted chunks (not complete files) of data stored.

They will be unable to know who the data belongs to or what the data is.

It’s not written in C++, it’s written in Rust. Among other reasons, exactly to prevent that kind of problem. It doesn’t have servers and indeed doesn’t need VPN. While the system is built upon TCP(/UDP)/IP, there are of course IPs, yet the network has its own routing system which is based upon distributed hash tables as used in peer-2-peer.

Please familiarize yourself with the project before you make broad unfounded claims about the systems overall security.

7 Likes

@lightyear, @ifindproblems may have been confused by the thread “all the encryption layers of safe”, where @polpolrene alludes to the documentation and says he’s not a C++ programmer. Of course he may have been guilty of skimming, and being new here should probably read up a bit. Just wanted to throw that out as a possible misunderstanding.

4 Likes

Welcome to the forum. One question. What’s a pen-tester?

I have amended my comment. There technically are IP addresses, but they are not used to identify users or files or anything.
As for servers, there are no servers. Routing is based on DHT tables and consensus of groups. There are some great whitepapers on routing and safecoin and such on the MaidSafe website, I believe.

This is also a great resource.

6 Likes

I think they are referring to penetration testing (pen for short…)…

4 Likes

Ah, kinky. I have no idea what that refers to in a technical programming sense, but hey, at least I know what the shorthand is referring to now.

I highly doubt that: reasonably competent C++ programmers can easily write code that isn’t susceptible to buffer overflows. I think you’re thinking of sloppy old-style C code.