This documents some information about using the RPC interface securely, as suggested in https://github.com/bitcoin-core/bitcoincore.org/pull/637 by @luke-jr and @TheBlueMatt. I think it should fit in well with #14458, but is not dependent on it (and shouldn't have any significant merge conflicts with it).
Doc: add information about security to the JSON-RPC doc #15223
harding wants to merge 1 commit into bitcoin:master from harding:2019-01-rpc-security, changing 1 file (+79 −0)
harding commented at 9:09 PM on January 21, 2019: contributor
- harding force-pushed on Jan 21, 2019
- fanquake added the label Docs on Jan 21, 2019
in doc/JSON-RPC-interface.md:41 in 54e30351bf outdated
36 | +use Bitcoin Core for security-sensitive operations on a computer whose 37 | +other programs you trust. 38 | + 39 | +You may optionally allow other computers to remotely control Bitcoin 40 | +Core by setting the `rpcallowip` and `rpcbind` configuration parameters. 41 | +**Do not enable RPC connections over the public Internet.** These
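Review bot: Lines 39-40 name `rpcallowip` and `rpcbind` without showing what a safe value looks like, and the bold warning at line 41 only says what not to do. Suggest following the warning with one short example that binds to a specific private address and allows a single subnet, so readers who do need remote access have a concrete starting point.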
laanwj commented at 11:12 AM on January 22, 2019:
Don't know if it is necessary but could mention ssh forwarding of the RPC port, as an option that does provide encryption and can be used over the internet.
in doc/JSON-RPC-interface.md:71 in 54e30351bf outdated
66 | +final fallback, you can directly use manually-chosen `rpcuser` and 67 | +`rpcpassword` configuration parameters---but you must ensure that you 68 | +choose a strong and unique passphrase (and still don't use insecure 69 | +networks, as mentioned above). 70 | + 71 | +The RPC interface does not guarantee any escaping of data beyond what's
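Review bot: The `---` at line 67 will render as three literal hyphens in GitHub Markdown rather than a dash; a comma or a sentence break reads better. Separately, "strong and unique passphrase" at lines 67-68 gives the reader nothing to act on; suggest saying it should be randomly generated and not reused anywhere else.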
laanwj commented at 11:14 AM on January 22, 2019:
Maybe add sub-section titles; ports, escaping, remote access … so that it's easier to navigate this text for people looking for a specific thing

laanwj commented at 11:16 AM on January 22, 2019: member
Looks good, thanks! ACK
- harding force-pushed on Jan 22, 2019

harding commented at 6:27 PM on January 22, 2019: contributor
Force-pushed updates for @laanwj's suggestions:
- Converted to a descriptive list, with each bullet point briefly describing the contents of that point ("securing the executable", "securing local network access", "securing remote network access", "secure authentication", and "secure string handling")
- Added a note about VPNs and ssh port forwarding being acceptable alternatives to a (local) secure private network
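As an added example (not part of the PR or of Bitcoin Core), the network-access and authentication points in this list can be checked mechanically against a config file. The script assumes a flat `bitcoin.conf` with literal IP addresses; `SAMPLE_CONF`, `MIN_PASSPHRASE_LEN` and all function names are hypothetical.

```python
import ipaddress

# Constructed sample bitcoin.conf for illustration; not taken from the PR.
SAMPLE_CONF = """\
rpcbind=0.0.0.0   # all interfaces
rpcallowip=0.0.0.0/0
rpcallowip=192.168.1.0/24
rpcallowip=127.0.0.1
rpcpassword=hunter2
"""
MIN_PASSPHRASE_LEN = 20  # assumed threshold; the doc only says "strong and unique"
LOOPBACK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def within(net, ranges):  # True if net lies entirely inside one of the ranges
    return any(net.version == r.version and net.subnet_of(r) for r in ranges)

def parse_conf(text):
    """Yield (key, value) pairs, skipping comments, blanks and [section] headers."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            yield key.strip(), value.strip()

def bind_host(value):
    """Extract the address from rpcbind forms: addr, addr:port, [v6], [v6]:port."""
    if value.startswith("["):
        return value[1:value.index("]")]
    return value.split(":")[0] if value.count(":") == 1 else value

def audit(text):
    """Return (key, value, finding) tuples for RPC settings that need review."""
    findings = []
    for key, value in parse_conf(text):
        if key == "rpcallowip":
            net = ipaddress.ip_network(value, strict=False)
            if within(net, LOOPBACK):
                continue
            note = ("private range: acceptable only over a secured network"
                    if within(net, PRIVATE) else "admits public Internet addresses")
            findings.append((key, value, note))
        elif key == "rpcbind":
            if not ipaddress.ip_address(bind_host(value)).is_loopback:
                findings.append((key, value, "listens beyond localhost"))
        elif key == "rpcpassword" and len(value) < MIN_PASSPHRASE_LEN:
            findings.append((key, "<redacted>", "manually chosen passphrase is short"))
    return findings
```

A private-range finding is not a failure by itself; it marks a setting that is only appropriate when the link is protected as the documentation describes (secure private network, VPN or SSH port forwarding).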
in doc/JSON-RPC-interface.md:44 in 65e20d70a7 outdated
39 | + 40 | +- **Securing remote network access:** You may optionally allow other 41 | + computers to remotely control Bitcoin Core by setting the `rpcallowip` 42 | + and `rpcbind` configuration parameters. These settings are only meant 43 | + for enabling connections over secure private networks or connections 44 | + that have been otherwise secured (e.g. using a VPN or ssh port
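Review bot: "only meant for" at lines 42-43 states intent rather than an instruction, which is weaker than the bold "Do not enable RPC connections over the public Internet" sentence in the earlier revision. Unless that sentence is kept later in this bullet, suggest restoring an explicit prohibition here, and saying what makes a network "secure" so readers do not equate a private address range with a protected link.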
promag commented at 1:02 AM on January 23, 2019:
nit, SSH.

promag commented at 1:03 AM on January 23, 2019: member
Concept ACK, and after brief read LGTM. Maybe also mention stunnel after VPN and SSH port?

Sjors commented at 12:57 PM on January 23, 2019: member
ACK 65e20d7
Doc: add information about security to the JSON-RPC doc 5a5ea93e87
- harding force-pushed on Jan 23, 2019
- laanwj merged this on Jan 24, 2019
- laanwj closed this on Jan 24, 2019
- laanwj referenced this in commit 5eb32d2384 on Jan 24, 2019

andronoob commented at 5:39 PM on January 24, 2019: none
I once read this: https://www.reddit.com/r/Bitcoin/comments/7ooack/critical_electrum_vulnerability/
Is there any similarity?
Sjors commented at 8:13 PM on January 24, 2019: member
@andronoob not for RPC, because (non ancient) browsers will refuse to communicate due to lacking CORS headers. Electrum, from what I remember, does have those CORS headers, because it consists of a "server" and a (javascript based) GUI "client". The problem there was that not just the client could talk to the server, but any website could.
Because of these missing headers, websites can't communicate with the RPC. Even if they could, they would need to know the username & password.
There's also a REST API which is unauthenticated, but only shows public info like blocks; it doesn't expose the wallet. It currently doesn't have CORS headers and probably shouldn't, but not so much for security reasons as for scope creep. See the discussion in #12040 for more context.
- jasonbcox referenced this in commit 0ed2e01bab on Oct 6, 2020
- PastaPastaPasta referenced this in commit 7c2aa64582 on Jun 27, 2021
- PastaPastaPasta referenced this in commit 5787424963 on Jun 28, 2021
- PastaPastaPasta referenced this in commit aae256d1a9 on Jun 29, 2021
- PastaPastaPasta referenced this in commit b660ab0fdd on Jul 1, 2021
- PastaPastaPasta referenced this in commit 01c5f28697 on Jul 1, 2021
- PastaPastaPasta referenced this in commit 63a21fd1c5 on Sep 11, 2021
- vijaydasmp referenced this in commit 7db1a44756 on Sep 12, 2021
- DrahtBot locked this on Dec 16, 2021
This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-17 09:14 UTC