[tor-dev] How to query HS hostname from control port

Jesse V kernelcorn at riseup.net
Sat Sep 10 00:06:54 UTC 2016


On 09/09/2016 04:23 AM, dawuud wrote:
> How does ADD_ONION help with tor vs app data isolation?  Why do you
> have to modify any torrc at all? Can't you do everything through the
> control port? I suppose there are many options not available via control port.
> 

Under the old method I required the user to set up the hidden/onion
service by adding a line to their torrc. That's not necessary if I use
ADD_ONION. In both methods I still need them to enable the control port
and an authentication, but it's just one less requirement using ADD_ONION.

Data isolation is improved because it separates responsibility. In
Linux, the tor binary runs under a separate user and sets up permissions
to protect sensitive data. My OnioNS software can run as a separate user
as well. This way, data is isolated to its respective software and I'm
not mixing everything.

-- 
Jesse V
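
The ADD_ONION exchange discussed in this message, as an added example that is not part of the original post and is not OnioNS code: it builds the command and reads the hostname out of tor's reply, so the application never needs to read tor's data directory. The function names, the port and target values, and the sample replies are assumptions constructed for illustration.

```python
import re

# Assumption: reply lines follow Tor's control-spec for ADD_ONION:
# "250-ServiceID=<id>", optional "250-PrivateKey=<type>:<blob>", then "250 OK".
_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
_SERVICE_ID = re.compile(r"[a-z2-7]{16}|[a-z2-7]{56}")  # v2 or v3 base32 id

def build_add_onion(virt_port, target, key="NEW:BEST", discard_pk=False):
    """Build the command line the application sends after AUTHENTICATE."""
    if not 0 < virt_port < 65536:
        raise ValueError("virtual port out of range")
    if any(c in target for c in " \r\n,"):
        raise ValueError("target must not contain whitespace or commas")
    flags = " Flags=DiscardPK" if discard_pk else ""
    return f"ADD_ONION {key}{flags} Port={virt_port},{target}\r\n"

def parse_add_onion_reply(raw):
    """Return the hostname and key from a reply; raise if tor refused."""
    fields = {}
    for line in filter(None, raw.split("\r\n")):
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"malformed reply line: {line!r}")
        code, sep, text = m.groups()
        if code != "250":
            raise RuntimeError(f"tor refused ADD_ONION: {code} {text}")
        if sep == " ":
            break  # "250 OK" terminates the reply
        name, eq, value = text.partition("=")
        if eq:
            fields[name] = value
    service_id = fields.get("ServiceID", "")
    if not _SERVICE_ID.fullmatch(service_id):
        raise ValueError("reply carried no valid ServiceID")
    # PrivateKey is absent when DiscardPK was set; otherwise the application
    # holds it under its own user, not in tor's data directory.
    return {"hostname": service_id + ".onion",
            "private_key": fields.get("PrivateKey")}

# Constructed sample replies (not captured from a real tor instance).
SAMPLE_OK = ("250-ServiceID=abcdefghij234567\r\n"
             "250-PrivateKey=RSA1024:CONSTRUCTED-PLACEHOLDER\r\n"
             "250 OK\r\n")
SAMPLE_REFUSED = "512 constructed error text\r\n"

if __name__ == "__main__":
    print(build_add_onion(80, "127.0.0.1:8080"), end="")
    print(parse_add_onion_reply(SAMPLE_OK))
```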
