pagekite secret - how secure with multiple accounts ?

242 views
Skip to first unread message

krikrou

unread,
Oct 26, 2012, 11:37:08 AM10/26/12
to pagekite...@googlegroups.com
Hi all, 
I just tried pagekite and it is working even better than what I would have expected ! (400 ms response time for a site hosted on my small machine, that's not bad - without any optimization : )

Now, I am working on a fully decentralized application where pagekite would play a central role, and one thing is not really clear to me (or I could not find the information I was looking for):
- is there a risk (security-wise) if/when the pagekite secret is revealed ? I guess so - otherwise it would not be secret, but what does that involve concretely? 

The scenario I am looking at might involve a few hundreds of CNAMES each pointing to a xml database instance located around the world - and accessible through pagekite magic under the same domain. Now, it is very likely that the pagekite secret will not be secret anymore in this situation. So, alternative question: 
- is there a way to have a different pagekite secret per CNAME ?

Thanks ad keep up the very good work,
Cheers,
Christophe

Bjarni Rúnar Einarsson

unread,
Oct 26, 2012, 12:19:54 PM10/26/12
to pagekite...@googlegroups.com
Hello :)

Replies are inline below.

On Fri, Oct 26, 2012 at 3:37 PM, krikrou <christop...@gmail.com> wrote:

Now, I am working on a fully decentralized application where pagekite would play a central role, and one thing is not really clear to me (or I could not find the information I was looking for):
- is there a risk (security-wise) if/when the pagekite secret is revealed ? I guess so - otherwise it would not be secret, but what does that involve concretely? 

People who have the secret can fly kites using your name and create new kites.

So as far as the PageKite service is concerned, that is pretty much complete control over the aside from billing-related aspects. :-)

The scenario I am looking at might involve a few hundreds of CNAMES each pointing to a xml database instance located around the world - and accessible through pagekite magic under the same domain. Now, it is very likely that the pagekite secret will not be secret anymore in this situation. So, alternative question: 
- is there a way to have a different pagekite secret per CNAME ?

Yes. You can edit each kite's secret using the web interface at https://pagekite.net/home/ , just click on the world "default" in the secret column and edit.

If you are going to do a lot of this and need it automated, there is an XML-RPC interface which can be used to both create and configure individual kites, including the secret.

--
Bjarni R. Einarsson
Founder, lead developer of PageKite.

Make localhost servers visible to the world: https://pagekite.net/

Bjarni Rúnar Einarsson

unread,
Oct 26, 2012, 12:30:59 PM10/26/12
to pagekite...@googlegroups.com
One more thing - note that there are currently limits on how many simultaneous connections a given account can run at a time.  If you are serious about hundreds of connections, you may want to discuss terms with us off-list.  Obviously that's going to cost more than $3/month. :-)

There is currently one "standard" option for such use cases on our subscription page (the embedded developer subscription), but depending on what you are doing it may or may not be a good fit.  Feel free to send us mail at he...@pagekite.net and we'll help figure out something that works for you.

 - Bjarni

krikrou

unread,
Oct 26, 2012, 3:52:44 PM10/26/12
to pagekite...@googlegroups.com


On Friday, October 26, 2012 6:19:55 PM UTC+2, Bjarni Rúnar Einarsson wrote:
Hello :)

Replies are inline below.

On Fri, Oct 26, 2012 at 3:37 PM, krikrou <christop...@gmail.com> wrote:

Now, I am working on a fully decentralized application where pagekite would play a central role, and one thing is not really clear to me (or I could not find the information I was looking for):
- is there a risk (security-wise) if/when the pagekite secret is revealed ? I guess so - otherwise it would not be secret, but what does that involve concretely? 

People who have the secret can fly kites using your name and create new kites.

So as far as the PageKite service is concerned, that is pretty much complete control over the aside from billing-related aspects. :-)

The scenario I am looking at might involve a few hundreds of CNAMES each pointing to a xml database instance located around the world - and accessible through pagekite magic under the same domain. Now, it is very likely that the pagekite secret will not be secret anymore in this situation. So, alternative question: 
- is there a way to have a different pagekite secret per CNAME ?

Yes. You can edit each kite's secret using the web interface at https://pagekite.net/home/ , just click on the world "default" in the secret column and edit.

oups, somehow I missed the default column ; )
 
If you are going to do a lot of this and need it automated, there is an XML-RPC interface which can be used to both create and configure individual kites, including the secret
Excellent, that was going to be my next question. Unfurtunately, I don't think my DNS offers the similar facilities for adding CNAMEs 

krikrou

unread,
Oct 26, 2012, 4:09:08 PM10/26/12
to pagekite...@googlegroups.com


On Friday, October 26, 2012 6:31:00 PM UTC+2, Bjarni Rúnar Einarsson wrote:
One more thing - note that there are currently limits on how many simultaneous connections a given account can run at a time.  If you are serious about hundreds of connections, you may want to discuss terms with us off-list.  Obviously that's going to cost more than $3/month. :-)
And obviously, that is just normal : ). People need to get paid for their good work - I also wish so for mine
 

There is currently one "standard" option for such use cases on our subscription page (the embedded developer subscription), but depending on what you are doing it may or may not be a good fit.  Feel free to send us mail at he...@pagekite.net and we'll help figure out something that works for you.
I am serious about hundreds of connections, but this is not going to happen overnight - and cannot guarantee the success of my app before-hand. 
I built the tool so as to limit the amount of data transmitted though the pagekite proxy - the bulk of resources (js, css, static content is served from a "standard" web server).
I'll contact you later on (weeks/months) re details/arrangements.
Cheers
Reply all
Reply to author
Forward
0 new messages