Struggling with the 'control_auth_cookie' design concept #19

Closed
cwoloszynski opened this issue Apr 1, 2017 · 1 comment

@cwoloszynski

Can you provide more details on the design pattern around the control_auth_cookie part of the API? Is this something that the user enters and how do they get this cookie? Or is this something that TOR provides and the UI needs to be able to access and provide back to the TOR controller to gain access to the Tor controller?

Sorry, this might be a newbie question: I am new to TOR.

@mtigas
Member

mtigas commented Apr 3, 2017

I haven't looked at Tor.framework's control auth cookie bits in a while, so this is going to be more about the control port and auth cookies in general:

Basically, the way you interact with the internal Tor process is via the "control port". The protocol there is basically just telnet. There's a good (but somewhat out of date) intro to the control port here: http://www.thesprawl.org/research/tor-control-protocol/

(If you're really unfamiliar with tor, on non-iOS platforms the tor client is usually run as a daemon or as a subprocess of another app — Tor Browser on desktops launches its own copy of the internal tor command-line client in this manner. So you need the control port as a way for your app to communicate with Tor and manage what it's doing.)

Tor has a few ways of authenticating access to the control port (so users that can talk to that port can't alter Tor settings without proving they have access). Either a password is hard-coded into Tor's config (HashedControlPassword), or you let Tor randomly generate a password which it writes to a file for you (CookieAuthentication). By default, the cookie auth method writes to a file called control_auth_cookie inside the data directory that tor is using. (Hence the example code reads that NSData from <data_directory>/control_auth_cookie.)

In either case, this value (the hashed password or the cookie) is passed into the AUTHENTICATE command (see that guide I linked to above).

On iOS, using the cookie authentication method is convenient because app file storage is strictly sandboxed (so you're somewhat protected against another app which may try to talk to your control port).

Anyway, this is not something the user will enter in; it is an implementation detail for a tor-using app that needs to communicate with a tor process.

Hope that helps.
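
The cookie flow described in the comment above, as an added example that is not part of the thread or of Tor.framework's code: read `control_auth_cookie` from the data directory, hex-encode the raw bytes, and send them in `AUTHENTICATE`. It is written in Python for illustration; the function names, the refusal of group/other-accessible cookie files, and the `socketpair` standing in for Tor's control port are assumptions of this example.

```python
import os
import socket
import stat
import tempfile

COOKIE_LEN = 32  # Tor writes a 32-byte random cookie


def read_cookie(path):
    """Read control_auth_cookie, refusing a file other users can access."""
    st = os.stat(path)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):  # policy chosen for this example
        raise PermissionError(f"{path} is accessible to group/other")
    with open(path, "rb") as f:
        cookie = f.read()
    if len(cookie) != COOKIE_LEN:
        raise ValueError(f"expected {COOKIE_LEN} cookie bytes, got {len(cookie)}")
    return cookie


def build_authenticate(cookie):
    """The cookie is raw bytes; the control protocol takes it hex-encoded."""
    return b"AUTHENTICATE " + cookie.hex().encode("ascii") + b"\r\n"


def authenticate(sock, cookie):
    """Send AUTHENTICATE and return True only on a '250' reply."""
    sock.sendall(build_authenticate(cookie))
    reply = sock.makefile("rb").readline()
    return reply.startswith(b"250 ")


def demo():
    """Constructed exchange: a socketpair stands in for Tor's control port."""
    cookie = bytes(range(COOKIE_LEN))  # constructed sample, not a real cookie
    with tempfile.TemporaryDirectory() as data_dir:
        path = os.path.join(data_dir, "control_auth_cookie")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(cookie)
        client, fake_tor = socket.socketpair()
        with client, fake_tor:
            fake_tor.sendall(b"250 OK\r\n")  # pre-queued success reply
            ok = authenticate(client, read_cookie(path))
            sent = fake_tor.recv(4096)  # what the "Tor" side received
    return ok, sent


if __name__ == "__main__":
    print(demo())
```

Against a real tor process the socket would be a connection to its control port, and the path would be `<data_directory>/control_auth_cookie`.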
