Explicitly states that RPC credentials grant full administrative access to the node and filesystem resources accessible by bitcoind. Adds a new section in JSON-RPC-interface.md to address issue #32274 by documenting that providing RPC credentials to untrusted clients
reopened #32424
P.S. I’ve tried to somehow squash all the commits from the previous pr but accidentally closed the pr and had no idea how to return back, therefore created a new pr, I’m really sorry for the inconvenience
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.
For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/33196.
See the guideline for information on the review process.
| Type | Reviewers |
|---|---|
| ACK | janb84 |
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.
ACK 433954b6a5bd7480f7e05e58eafeac1dc6dfae7c
This PR adds information about security considerations when using RPC clients. Although bitcoin-core has done everything to minimise the risks of using RPC, it’s good to inform the user of the risks and the extra security precautions the user can take.
Informing the public about security risks and methods to mitigate them demonstrates responsible stewardship; therefore, I support this pull request.