Jump to content
Tim58

How to trust a rippled api server?

Recommended Posts

How can I be assured that the rippled server my wallet is connected to is returning results from the consensus ledger?  E.g., if an attacker controls the server I am connected to, or my connection to it, can't they easily make it appear that funds have been transferred to me?

Let's say I am confident that I am currently connected to the consensus ledger.  Is there a fingerprint I can save that would confirm a future transaction was validated by that same entity?  Or, what is the best practice?   Do I need to run my own rippled tracking server and maintain contact with multiple validating nodes?

Share this post


Link to post
Share on other sites
1 hour ago, Tim58 said:

How can I be assured that the rippled server my wallet is connected to is returning results from the consensus ledger?

By running the server yourself.

1 hour ago, Tim58 said:

Do I need to run my own rippled tracking server and maintain contact with multiple validating nodes?

Yes to the first part, no to the second one. You don't need to be connected to validators, but your server should be connected to other nodes on the network.

Share this post


Link to post
Share on other sites

Okay, thanks.  This is for a hardware wallet, with connectivity provided by a mobile app, so not really feasible for end-user to run rippled.  I see that some other wallets just default to one of s1.ripple.com, s2, s3, s-west, s-east, as well as giving user option to choose their own server.  I don't have much worry about trustworthiness of those servers, but more about MITM.  I was hoping there might be some kind of signed transaction verification.

Share this post


Link to post
Share on other sites

You connect via HTTPS/WSS there, so you get the normal TLS security properties. That should protect the connection itself, in case you trust the servers. If you don't trust the servers, you need data from a trustworthy server to compare or verify against.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...