Topic: Potential security method upgrade: RPC whitelist file

Offline abit
BitShares committee member: abit
BitShares witness: in.abit

Offline wackou

In the meantime, people can already use the bts-proxy package I developed at the beginning of the year to achieve the same functionality:

https://bitsharestalk.org/index.php?topic=13143

It has of course a slight overhead, as it is a proxy and not integrated into the client, but it should be negligible.
Please vote for witness wackou! More info at http://digitalgaia.io

Offline btswildpig

RPC whitelist file (only RPC commands in this file can run) #1421
https://github.com/BitShares/bitshares/issues/1421

Short story short ...

RPC is the communication portal between the BitShares Client and other applications.
Using the RPC port / username / pass, you can essentially do whatever you want with a wallet.

For some applications, like a home computer working with a remote wallet using the RPC port, if the bad guy controls the port, then he controls the wallet with all the functions available, like transfer, vote, etc.

But with a whitelist, if the RPC command was not enabled in the whitelist file, then the bad guys can't execute the specific RPC command even with full control of the RPC port.
This is my personal account; anything I said with this account will be my opinion alone and has nothing to do with any group.
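
An added illustration of the whitelist idea described in the post above, not code from BitShares, bts-proxy or any poster in this thread: a default-deny filter that a proxy in front of the RPC port could apply to each request body. The JSON-RPC request shape, the one-method-per-line file format and the method names in the sample data are assumptions made for the example.

```python
import json

def load_whitelist(text):
    """Parse whitelist file contents: one method per line, '#' starts a comment."""
    allowed = set()
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip()
        if name:
            allowed.add(name)
    return frozenset(allowed)

def _error(req_id, code, message):
    return {"id": req_id, "error": {"code": code, "message": message}}

def filter_request(raw, allowed):
    """Split a raw JSON-RPC body into (calls to forward, error replies)."""
    try:
        body = json.loads(raw)
    except ValueError:
        return [], [_error(None, -32700, "invalid JSON")]
    calls = body if isinstance(body, list) else [body]  # batch or single call
    forward, rejections = [], []
    for call in calls:
        method = call.get("method") if isinstance(call, dict) else None
        # Default deny: exact, case-sensitive match; missing or non-string is refused.
        if isinstance(method, str) and method in allowed:
            forward.append(call)
        else:
            req_id = call.get("id") if isinstance(call, dict) else None
            rejections.append(_error(req_id, -32601, "method not in whitelist"))
    return forward, rejections

# Constructed sample data; method names are placeholders, not the client's command list.
WHITELIST_FILE = """
# read-only commands a monitoring host needs
get_info
list_accounts   # transfer and vote are deliberately absent
"""
SAMPLE_BATCH = json.dumps([
    {"id": 1, "method": "get_info", "params": []},
    {"id": 2, "method": "transfer", "params": ["100", "BTS", "alice", "mallory"]},
    {"id": 3, "method": "GET_INFO", "params": []},   # case variant is not a match
    {"id": 4, "params": []},                         # no method at all
])

if __name__ == "__main__":
    ok, denied = filter_request(SAMPLE_BATCH, load_whitelist(WHITELIST_FILE))
    print("forwarded:", [c["method"] for c in ok])
    print("rejected ids:", [r["id"] for r in denied])
```

Every element of a batch is checked separately, so one whitelisted call cannot carry a blocked one through with it.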