How is Ripple secure, really?
The main security feature is that you’re dealing with friends and not institutions reliant on adversarial processes. However, an unauthorized payment made to a stranger still has to be resolved somehow. Neighbouring nodes can verify that all transactions originating at a given node have been personally (digitally) signed by the owner of that node. This breaks down if some neighbours are on the same server, and that server gets compromised. Ideally nodes would be run on a secure OS with execution privileges that prevent code modifications, and with separate web and database servers. A good Ripple host would offer to take the hit for customer losses due to a hacked server, just as a bank would. Despite the great potential rewards for hacking into a bank server, it doesn’t seem to happen very often. And hacking Ripple requires gaining access to at least two neighbouring nodes, not just a single bank account. The truly paranoid could run their own single-node server to make this more diffi
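The neighbour-side signature check described above, as an added example (not Ripple's own code): a Lamport one-time signature built from SHA-256 stands in for the real signature scheme so the block runs on the standard library alone, and the transaction fields, node names and `neighbour_accepts` helper are assumptions. The last case shows the check passing for an unauthorized payment once the owner's signing key sits on the compromised server.

```python
import hashlib, json, secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key (stand-in scheme): 256 secret pairs, public = hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit; an honest owner signs one message per key.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def encode(tx):
    # Canonical bytes so signer and verifier hash the same thing.
    return json.dumps(tx, sort_keys=True).encode()

def neighbour_accepts(known_keys, tx, sig):
    # Hypothetical helper: honour a payment only if its originator signed it.
    pk = known_keys.get(tx["origin"])
    return pk is not None and verify(pk, encode(tx), sig)

def demo():
    alice_sk, alice_pk = keygen()
    bob_keys = {"alice": alice_pk}  # neighbour Bob holds only the public key
    tx = {"origin": "alice", "to": "carol", "amount": 25, "seq": 1}  # constructed
    sig = sign(alice_sk, encode(tx))
    genuine = neighbour_accepts(bob_keys, tx, sig)
    # Payment altered after signing, old signature reused: rejected.
    forged = dict(tx, to="stranger")
    tampered = neighbour_accepts(bob_keys, forged, sig)
    # Signing key stored on a compromised shared server: forged payment verifies.
    stolen_key = neighbour_accepts(bob_keys, forged, sign(alice_sk, encode(forged)))
    return genuine, tampered, stolen_key

if __name__ == "__main__":
    print(demo())
```

The signature check only proves possession of the key, which is why a key kept on the owner's own machine gives neighbours something a shared server cannot.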