On 09/05/2016 12:43 AM, meejah wrote:
> Could you use ADD_ONION instead? Why are you using the on-disk API if
> you don't want to give your thing permission to read those directories?

I'll consider it, but I want the onion service to be relatively permanent. It would be best if the hostname didn't change every time tor restarted.

> I also don't see why you'd give something permission to use the
> control-port, but *not* permission to read hostname/private_key
> files...?

I'd just rather not risk unnecessary exposure of private keys. The software doesn't need the key, so I'm risking compromise just to do private -> public -> hostname. I'd rather query the hostname directly. I'm using cookie authentication and both tor and onions-server have a copy of the cookie file. This way I can set up IPC between them in a more secure manner and they can each run as a separate user.

> (p.s. I can't reach http://onions55e7yam27n.onion/)

Nothing is online at the moment. I'll make a separate post once everything is ready.

--
Jesse V
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev