Login
Register
All Activity
Questions
Unanswered
Tags
Users
Ask a Question
Welcome to the Developer Q&A for the
MultiChain
blockchain platform.
Please feel free to ask questions about the platform to receive answers from the MultiChain developers or other members of the community.
Related questions
What part of MultiChain would you change to change the hash algorithm?
How do you specify security algorithms?
Security - Is there a way to protect access if the node is compromised?
Will implementing a CAPTCHA-like system require modifying multichaind source?
allow that each user hold a secure address and can transfer assets from one to another account using web application
4,157
questions
4,370
answers
5,718
comments
Most popular tags
multichain
streams
assets
stream
transactions
json-rpc
blockchain
wallet
permissions
error
address
raw-transactions
asset
mining
node
api
issue
multichain-explorer
nodes
connect
multichaind
multisig
transaction
smart-filters
metadata
private-key
atomic-exchange
multichain-cli
multichain-web-demo
data
connection
performance
blocks
demo
web
json
database
storage
native-currency
bitcoin
private-blockchain
network
fee
smart-contracts
wallets
signrawtransaction
off-chain
exchange
multiple-nodes
getnewaddress
Provide a more secure download mechanism
+1
vote
Hi there,
Please consider serving the multichain binaries over HTTPS and provide a checksum for the tar file. People are doing things like this:
https://hub.docker.com/r/kunstmaan/base-multichain/~/dockerfile/
Potential MITM attacks could be trivially exploited against any docker container that is doing this.
multichain
security
asked
Jun 30, 2017
by
dp_blockparty
Please
log in
or
register
to add a comment.
Please
log in
or
register
to answer this question.
2 Answers
0
votes
Thanks for your comment - indeed we'll be moving the entire MultiChain website over to https with the production release.
answered
Jul 2, 2017
by
MultiChain
Please
log in
or
register
to add a comment.
+1
vote
FYI the switchover to https/SSL is complete.
answered
Jul 9, 2017
by
MultiChain
Hey that is great news, but I think it is still important for you to provide a shasum of the tar file so that it can be verified that it has not been modified in transit after being downloaded. Even over SSL this is an issue to be concerned with.
Please
log in
or
register
to add a comment.
...