Security best practices for hosting a website

Merchants that accept Bitcoin payments don’t need to have their private keys available on the web server.

Could the same concept be applied for hosting a website with ipfs?

So both adding content and publishing an address on ipns will be done in a secure environment, and the server (the ipfs node) just has public keys.

Will this work?

If you have the hash of the content (even the pub keys of IPNS), you don’t need any private key in IPFS to store and distribute content.
That said, I am not sure if “broadcasting” IPNS even if you don’t have the IPNS private key is there as a feature. Do we have this possibility? (To re-broadcast a “signed” message saying which IPNS hash is pointing to what object/file hash.) I am curious as well!

I guess this broadcasting (publishing) the renewed value that the IPNS address points to can also be done on deploy time, so in the same environment as where content is added to a node.

  • Have a local node on your protected LAN
  • On that node add content to the network
  • On that node also publish an IPNS address
  • Then on your servers, you can pin the new content
  • On your LAN you can bring down the node

That should work I think? Feels safer than having nodes running with the secret keys on disk.

1 Like
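The LAN-node-then-pin workflow from the list above, as an added shell example (not code from the thread or the IPFS project). It assumes the kubo/go-ipfs CLI is installed as `ipfs` on both machines; the `IPFS_BIN` variable is a stand-in so the script can be dry-run against a stub, and the `ipfs name publish` output format is assumed to be "Published to <name>: /ipfs/<cid>".

```shell
#!/bin/sh
# Added example: the IPNS private key only ever lives on the LAN node;
# the public server just pins the CID and serves it.
set -eu
IPFS_BIN="${IPFS_BIN:-ipfs}"   # assumption: kubo CLI; overridable for dry runs

# Run on the LAN node (the only place the IPNS key exists).
# Adds the site directory, publishes its CID under the node's IPNS name,
# and prints "<cid> <ipns-name>" so the CID can be handed to the servers.
publish_site() {
  site_dir="$1"
  # -Q prints only the root CID of the added directory
  cid="$("$IPFS_BIN" add -r -Q "$site_dir")"
  # assumed output line: "Published to <name>: /ipfs/<cid>"
  name="$("$IPFS_BIN" name publish "/ipfs/$cid" \
          | sed -n 's/^Published to \([^:]*\):.*/\1/p')"
  [ -n "$cid" ] && [ -n "$name" ] || return 1
  printf '%s %s\n' "$cid" "$name"
}

# Run on each public server (no private key on disk).
# Pins the CID so the content stays available after the LAN node is shut down.
pin_site() {
  cid="$1"
  "$IPFS_BIN" pin add "$cid" >/dev/null
  # confirm the pin is actually recorded on this node
  "$IPFS_BIN" pin ls "$cid" >/dev/null
}
```

After `pin_site` has succeeded on the servers, the LAN node can be taken down; the IPNS record it published keeps resolving to the pinned CID until its lifetime expires, at which point the LAN node has to be brought back up to republish.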

It would be better to integrate with hardware wallets like Trezor (Mostly cryptos).
This would probably skip all the steps related to having a local node in a protected LAN. (or an offline node)

1 Like

The server? You mean the IPFS gateway?

Feels like security theatre. If they have some zero-day for IPFS they can just use it twice, first once to compromise the public server and then once to compromise the private server.

No, the server where the node runs on. Like a VPS. That kind of server.

Well, hiding the private key doesn’t solve all security problems, but it does help I guess?

Any HTTP server has the SSL certificate on disk, that doesn’t cause security problems. It won’t do any harm, but the security increase is negligible. If you’re running compromised software you have bigger problems to worry about, if you’re not then you’re safe anyway.