Could “safe_proxy.pac” be hosted in a more decentralized way, so we can prevent a single point of failure?
The current internet has always been a weak link when it comes to security, so shoulden’t we try existing decentralized tools to “test” our beloved SAFE Network. It can’t hurt to start getting in that mind state and maybe it would be fun.
Hmmmm now that I think about it, the decentralized way of doing this is just downloading the file or create your own.
Create your own by copying [quote=“digipl, post:2, topic:7463”]
function FindProxyForURL(url, host) { if (shExpMatch(host, “*.safenet”)) return “PROXY localhost:8101”;
return “DIRECT”;
}
[/quote] and save it as a .pac file
I prefer to save and use a local copy of the file anyway. Although I’m technologically fairly ignorant, I’m imagining that it negates a couple of possible issues. Firstly, there’s no problem if http://visualiser.maidsafe.net/safe_proxy.pac becomes unreachable. Secondly, it avoids relying on a central target should someone want to maliciously alter the file. Please correct me if I’m wrong because then I will learn…
Or just remember the basics what this pac file ought to tell your browser. Browser should simply connect to the Safenet Launcher proxy port on tcp/8101 for all domains ending in .safenet
The first thing I’d ask myself is “what is the likelihood that I noticed something that dozens of devs have not”. That would have given you a good hint.
What you (and the folks who’ve responded so far) obviously couldn’t notice is the weakness that actually exists is that the ability to slightly change that simple PAC file could produce some interesting results.
The PAC file doesn’t have to be there, it’s just for the less technical users to be able to get on board. Fortunately for you, you are SAFE from the risk I just described because you couldn’t figure out how to use the PAC file
If one replaces return "PROXY localhost:8101"; with return "PROXY suckme.ru:8101"; he can watch (and more) your traffic.
Right. Was on tablet and if you ever commented (not just used) on this forum using a tablet you know how it masks 80% of the screen. It’s been much worse since last week because now the site is even slower so it’s really hard to scroll up and down to review comments. I did that but only once and didn’t notice yours.
Does it have to be? No as @digipl and others point out it can be copied / hosted elsewhere. We’ve also suggested a way that the PAC file can be served from the launcher so as to mitigate these issues.
I suggested an edit of Proxy Setup to mention downloading the .pac file as a more decentralized alternative. This suggested edit is queued for review, so it’s up to the moderators of maidsafe’s readme.io docs now.