BitShares Forum

Main => General Discussion => Topic started by: btswildpig on March 06, 2015, 07:10:11 pm

Title: Potential security method upgrade : RPC whitelist file
Post by: btswildpig on March 06, 2015, 07:10:11 pm
RPC whitelist file (only RPC commands in this file can run) #1421
https://github.com/BitShares/bitshares/issues/1421

Long story short ...

RPC is the communication portal between the BitShares Client and other applications.
Using the RPC port / username / pass, you can essentially do whatever you want with a wallet.

For some applications, like a home computer working with a remote wallet using the RPC port, if the bad guy controls the port, then he controls the wallet with all the functions available, like transfer, vote, etc.

But with a whitelist, if the RPC command was not enabled in the whitelist file, then the bad guys can't execute the specific RPC command even with full control of the RPC port.
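
A sketch of the default-deny check described in the post above, added here as an illustration; it is not code from the post, the BitShares client, or bts-proxy. It assumes JSON-RPC requests with a `method` field and a whitelist file with one method name per line; the method names and file format are constructed for the example.

```python
import json

# Constructed whitelist file contents (hypothetical format: one RPC method
# name per line, '#' starts a comment). Method names are illustrative.
SAMPLE_WHITELIST = """\
# read-only commands only
about
get_info
wallet_account_balance   # balance lookups
"""

def parse_whitelist(text):
    """Return the set of allowed method names, ignoring blanks and comments."""
    allowed = set()
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip()
        if name:
            allowed.add(name)
    return allowed

def _error(code, message, req_id=None):
    return {"jsonrpc": "2.0", "id": req_id,
            "error": {"code": code, "message": message}}

def filter_request(raw, allowed):
    """Return (forward, response). forward is True only if every call in the
    body names a whitelisted method; anything else is rejected (default deny)."""
    try:
        body = json.loads(raw)
    except (ValueError, TypeError):
        return False, _error(-32700, "Parse error")
    # A batch is an array of calls; check each one so a forbidden method
    # cannot ride along behind an allowed one.
    calls = body if isinstance(body, list) else [body]
    if not calls:
        return False, _error(-32600, "Invalid Request")
    for call in calls:
        if not isinstance(call, dict) or not isinstance(call.get("method"), str):
            return False, _error(-32600, "Invalid Request")
        # Exact, case-sensitive match: no prefix or pattern matching.
        if call["method"] not in allowed:
            return False, _error(-32601, "Method not allowed by whitelist",
                                 call.get("id"))
    return True, None

if __name__ == "__main__":
    allowed = parse_whitelist(SAMPLE_WHITELIST)
    for raw in ('{"method": "get_info", "params": [], "id": 1}',
                '{"method": "wallet_transfer", "params": [], "id": 2}'):
        print(filter_request(raw, allowed))
```

The check runs after authentication, so a caller holding the RPC username and password is still limited to the listed methods.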
Title: Re: Potential security method upgrade : RPC whitelist file
Post by: wackou on March 06, 2015, 07:23:05 pm
In the meantime, people can already use the bts-proxy package I developed at the beginning of the year to achieve the same functionality:

https://bitsharestalk.org/index.php?topic=13143

It has of course a slight overhead, as it is a proxy and not integrated into the client, but it should be negligible.
Title: Re: Potential security method upgrade : RPC whitelist file
Post by: abit on March 07, 2015, 12:57:05 am
 +5%