Security implications of sharing CA folder

[maran]

I'm setting up Harvesting as a Service and I'm wondering about the security implications of asking potential customers for their CA folders.

According to this page the recommended way of doing this is sharing the CA folder. However this would also give me access to the Wallet RPC if a customer would, whether initially or by accident, run their wallet bound on 0.0.0.0 or something else publicly facing.

Is this a negligible risk or is there a better way to achieve this and rule out this attack vector?

[wjblanke]

Just make sure they only open 8447 (farmer) to you on their firewall--that should prevent the wallet attack. Currently the code does assume your harvester to be trusted if you have a cert signed by their CA, so it is a small risk. they will have to trust you.

[maran]

Thanks, I will make it super clear to only open the farmer port. Appreciate the confirmation.

[BrandtH22]

If you are still experiencing the issues it is recommended to upgrade to the latest version of chia. Please download it from here: https://www.chia.net/downloads/

Since this issue has been open for a number of years without additional comments, we will be closing this ticket but if we have closed this ticket in error do not hesitate to reach out to us again with any followup questions, comments, or if the issue persists after an update.

Please note that upgrading major versions of chia generally requires the config.yaml to be recreated using these steps:
1. Stop chia
2. Rename the config or move it to a different directory
3. In CLI run chia init
4. Copy any custom settings from the old config to the new (plot drive directories, pool info, trusted node info, etc) - be careful here as yaml is very picky about formatting including those leading spaces
5. Start Chia

The best place to reach our support team is on Discord (https://discord.gg/chia) or by reopening this ticket.