docs: clarify RPC credentials security boundary #33196

pull crStiv wants to merge 1 commits into bitcoin:master from crStiv:ishak2 changing 1 files +10 −0
  1. crStiv commented at 1:56 pm on August 15, 2025: none

    Explicitly states that RPC credentials grant full administrative access to the node and filesystem resources accessible by bitcoind. Adds a new section in JSON-RPC-interface.md to address issue #32274 by documenting that providing RPC credentials to untrusted clients

    reopened #32424

    P.S. I’ve tried to somehow squash all the commits from the previous pr but accidentally closed the pr and had no idea how to return back, therefore created a new pr, I’m really sorry for the inconvenience

  2. DrahtBot added the label Docs on Aug 15, 2025
  3. DrahtBot commented at 1:56 pm on August 15, 2025: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/33196.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    Stale ACK janb84, davidgumberg

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

  4. janb84 commented at 9:03 am on August 18, 2025: contributor

    ACK 433954b6a5bd7480f7e05e58eafeac1dc6dfae7c

    This PR adds information about security considerations when using RPC clients. Although bitcoin-core has done everything to minimise the risks of using RPC, it’s good to inform the user of the risks and the extra security precautions the user can take.

    Informing the public about security risks and methods to mitigate them demonstrates responsible stewardship; therefore, I support this pull request.

  5. davidgumberg commented at 3:41 pm on October 21, 2025: contributor
    ACK 433954b
  6. docs: clarify RPC credentials security boundary a5ba434a02
  7. in doc/JSON-RPC-interface.md:139 in 433954b6a5 
    134+  separate user accounts with restricted permissions) rather than relying solely on
135+  RPC access controls. While Bitcoin Core provides the `-rpcwhitelist` option to
136+  restrict which RPC commands specific users can access, and `-rpcwhitelistdefault`
137+  to control the default behavior for users without explicit whitelists, these should
138+  not be considered robust security boundaries, as users with access to certain
139+  commands may still be able to exploit functionality in unexpected ways.
    glozow commented at 4:52 pm on October 31, 2025:
    The first few sentences seem largely redundant with the rest of the docs (see few paragraphs of “Security” section, and “Secure authentication”. However, the bit about whitelisting RPC commands for specific users seems helpful.
    davidgumberg commented at 9:55 pm on November 20, 2025:
    I think the existing docs make it pretty clear that other processes/users with access to the machine can comprise the node, but I think what is not obvious in the existing docs is that the other direction is true as well, someone with RPC access can probably compromise the machine the bitcoind node is running on.
  8. crStiv force-pushed on Nov 3, 2025
  9. crStiv requested review from glozow on Nov 3, 2025


crStiv DrahtBot janb84 davidgumberg glozow


glozow

Labels
Docs

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-11-23 21:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me