docs: clarify RPC credentials security boundary #32424

1. 
   crStiv commented at 9:40 am on May 6, 2025: none

   Explicitly states that RPC credentials grant full administrative access to the node and filesystem resources accessible by bitcoind. Adds a new section in JSON-RPC-interface.md to address issue #32274 by documenting that providing RPC credentials to untrusted clients
2. 
   DrahtBot commented at 9:40 am on May 6, 2025: contributor

   The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

   Code Coverage & Benchmarks

   For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/32424.

   Reviews

   See the guideline for information on the review process.

   Type	Reviewers
   ACK	janb84
   Stale ACK	davidgumberg

   If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

3. DrahtBot added the label Docs on May 6, 2025
4. in doc/JSON-RPC-interface.md:132 in ed862012f7 outdated

   127+  node and any filesystem resources the bitcoind process can access. For example,
   128+  clients can load wallet files from arbitrary paths that the bitcoind process
   129+  has permission to access, specify custom file paths for operations, and perform
   130+  any action available through the RPC interface. For these reasons, providing RPC
   131+  credentials to untrusted clients is equivalent to giving them full control of
   132+  the node and the same system privileges as the user running bitcoind. When
   

   ---

   ---

   

   janb84 commented at 6:23 pm on May 6, 2025:

   0  the node and the same system privileges as the operating system user account running bitcoind. When
   

   Small NIT, but fine to ignore

5. 
   janb84 commented at 6:31 pm on May 6, 2025: contributor

   ACK ed86201

   The updated documentation provides greater clarity on the security consequences of sharing RPC credentials.

6. maflcko requested review from davidgumberg on May 6, 2025
7. 
   davidgumberg commented at 6:41 pm on May 6, 2025: contributor

   lgtm ACK https://github.com/bitcoin/bitcoin/pull/32424/commits/ed862012f747d4e5248f08ff25183dc666c3de6e

   I opened #32274 because I wasn’t sure if this status quo is desirable or not, but I believe this documentation note reflects the present expectations for bitcoind RPC servers.

8. 
   janb84 commented at 8:27 pm on May 6, 2025: contributor

   Please squash your commits
9. crStiv force-pushed on May 6, 2025
10. 
    crStiv commented at 9:14 pm on May 6, 2025: none

    Please squash your commits @janb84 yeah sure, np

11. 
    janb84 commented at 7:44 am on May 7, 2025: contributor

    reACK 348dc97

    Changes since last ACK:

    • Small textual change @crStiv thnx for incorporating my nit !
12. 
    luke-jr commented at 1:34 am on May 14, 2025: member

    Seems to contradict the existence of -rpcwhitelist
13. Update JSON-RPC-interface.md

    Update doc/JSON-RPC-interface.md
    
    Co-Authored-By: Jan B <608446+janb84@users.noreply.github.com>

    e486cd0ab0
14. crStiv requested review from janb84 on May 19, 2025
15. 
    crStiv commented at 10:51 am on May 19, 2025: none

    Seems to contradict the existence of -rpcwhitelist @luke-jr now seems to be better, what are your thoughts?

16. crStiv force-pushed on May 19, 2025
17. 
    janb84 commented at 11:29 am on May 19, 2025: contributor

    Would move the remark of the -rpcwhitelist to the end of the section and add something about the -rpcwhitelistdefault function that is needed to set the default on no whitelist for all users. The added documentation is still strong imo 👍
18. Update JSON-RPC-interface.md d6f622f36c
19. 
    janb84 commented at 11:57 am on May 19, 2025: contributor

    re ACK https://github.com/bitcoin/bitcoin/commit/d6f622f36cfcf04d94f96ea360e346c5b9337be4

    Changes since last ACK:

    • Added text to clarify that there are additional flags to restrict RPC access

Contributors
crStiv DrahtBot janb84 davidgumberg luke-jr

Review Requested
davidgumberg

Labels
Docs