Doc: add information about security to the JSON-RPC doc #15223

Merged
merged 1 commit into from Jan 24, 2019

6 participants
@harding
Member

commented Jan 21, 2019

This documents some information about using the RPC interface securely, as suggested in bitcoin-core/bitcoincore.org#637 by @luke-jr and @TheBlueMatt. I think it should fit in well with #14458, but is not dependent on it (and shouldn't have any significant merge conflicts with it).

@harding harding force-pushed the harding:2019-01-rpc-security branch Jan 21, 2019

@fanquake fanquake added the Docs label Jan 21, 2019

doc/JSON-RPC-interface.md Outdated

You may optionally allow other computers to remotely control Bitcoin
Core by setting the `rpcallowip` and `rpcbind` configuration parameters.
**Do not enable RPC connections over the public Internet.** These
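
Review bot: The bolded warning on the last visible line says what not to do, but the sentence before it names `rpcallowip` and `rpcbind` without saying what a safe value looks like. Suggest adding that `rpcallowip` should list only the specific client addresses or subnet that need access, and that `rpcbind` should name the private interface those clients reach rather than every interface.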

@laanwj

laanwj Jan 22, 2019

Member

Don't know if it is necessary but could mention ssh forwarding of the RPC port, as an option that does provide encryption and can be used over the internet.

doc/JSON-RPC-interface.md Outdated
choose a strong and unique passphrase (and still don't use insecure
networks, as mentioned above).

The RPC interface does not guarantee any escaping of data beyond what's
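
Review bot: In the parenthetical on the first two visible lines, "as mentioned above" depends on paragraph order; refer to the network-access item by name so the pointer survives reordering or the addition of headings. If the rest of the escaping sentence that starts on the last visible line does not already say so, state outright that callers must treat strings returned by the RPC as untrusted and escape them for wherever they are displayed or passed on.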

@laanwj

laanwj Jan 22, 2019

Member

Maybe add sub-section titles; ports, escaping, remote access … so that it's easier to navigate this text for people looking for a specific thing

@laanwj

Member

commented Jan 22, 2019

Looks good, thanks!
ACK

@harding harding force-pushed the harding:2019-01-rpc-security branch Jan 22, 2019

@harding

Member Author

commented Jan 22, 2019

Force-pushed updates for @laanwj's suggestions:

  • Converted to a descriptive list, with each bullet point briefly describing the contents of that point ("securing the executable", "securing local network access", "securing remote network access", "secure authentication", and "secure string handling")

  • Added a note about VPNs and ssh port forwarding being acceptable alternatives to a (local) secure private network
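
An added example, not part of the pull request or of Bitcoin Core: an audit of a bitcoin.conf-style file that flags `rpcbind` and `rpcallowip` values widening RPC access beyond loopback and private address ranges, the two settings this thread is documenting. The sample configurations are constructed, and treating RFC 1918 and IPv6 ULA ranges as "private" is an assumption of this example; an address in those ranges is not by itself a secure network.

```python
import ipaddress

# Ranges this check treats as private (assumption): loopback, RFC 1918, IPv6 ULA.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]
REASON = {"rpcbind": "listens on a public address",
          "rpcallowip": "admits clients outside private ranges"}
# Constructed sample configurations, not taken from the pull request.
RISKY_CONF = "server=1\nrpcbind=0.0.0.0\nrpcallowip=0.0.0.0/0\nrpcallowip=192.168.1.0/24\n"
SAFE_CONF = "server=1\nrpcbind=127.0.0.1:8332  # loopback only\nrpcallowip=127.0.0.1\n"

def parse_conf(text):
    """Collect repeated key=value settings, ignoring comments and section headers."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line or line.startswith("["):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings.setdefault(key, []).append(value)
    return settings

def is_private(net):
    return any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_NETS)

def bind_host(value):
    """Strip an optional port from 'addr', 'addr:port' or '[v6addr]:port'."""
    if value.startswith("["):
        return value[1:].split("]", 1)[0]
    return value.split(":", 1)[0] if value.count(":") == 1 else value

def audit_rpc_exposure(text):
    """Return (setting, value, reason) for each value that widens RPC access."""
    conf, findings = parse_conf(text), []
    for key in ("rpcbind", "rpcallowip"):
        for value in conf.get(key, []):
            host = bind_host(value) if key == "rpcbind" else value
            try:
                net = ipaddress.ip_network(host, strict=False)
            except ValueError:
                findings.append((key, value, "not a literal address; review manually"))
                continue
            if key == "rpcbind" and net.network_address.is_unspecified:
                findings.append((key, value, "listens on every interface"))
            elif not is_private(net):
                findings.append((key, value, REASON[key]))
    return findings
```

With the SSH port forwarding or VPN setups mentioned in the thread, the node side can stay at the loopback-only values shown in `SAFE_CONF`, which this audit reports as clean.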

@promag
Member

left a comment

Concept ACK, and after brief read LGTM. Maybe also mention stunnel after VPN and SSH port?

doc/JSON-RPC-interface.md Outdated
computers to remotely control Bitcoin Core by setting the `rpcallowip`
and `rpcbind` configuration parameters. These settings are only meant
for enabling connections over secure private networks or connections
that have been otherwise secured (e.g. using a VPN or ssh port
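
Review bot: "secure private networks" on the third visible line is left undefined, and the parenthetical on the last line only gives examples for the "otherwise secured" case. Suggest stating the property the reader needs (traffic between client and node cannot be read or altered by anyone else on the path) so they can judge whether their own LAN qualifies.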

@promag

promag Jan 23, 2019

Member

nit, SSH.

@Sjors

Member

commented Jan 23, 2019

ACK 65e20d7

@harding harding force-pushed the harding:2019-01-rpc-security branch to 5a5ea93 Jan 23, 2019

@laanwj laanwj merged commit 5a5ea93 into bitcoin:master Jan 24, 2019

2 checks passed

continuous-integration/appveyor/pr AppVeyor build succeeded
continuous-integration/travis-ci/pr The Travis CI build passed

laanwj added a commit that referenced this pull request Jan 24, 2019

Merge #15223: Doc: add information about security to the JSON-RPC doc
5a5ea93 Doc: add information about security to the JSON-RPC doc (David A. Harding)

Pull request description:

  This documents some information about using the RPC interface securely, as suggested in bitcoin-core/bitcoincore.org#637 by @luke-jr and @TheBlueMatt.  I think it should fit in well with #14458, but is not dependent on it (and shouldn't have any significant merge conflicts with it).

Tree-SHA512: e09d82c3029ed17a8bcf50722ea25a8c6c514731f3bce01908cbb6fe48bc96a3068a025beabebc602d18e1bc0dc3f2602848abc05dca1d3efe2a988ee50068c0
@andronoob

commented Jan 24, 2019

@Sjors

Member

commented Jan 24, 2019

@andronoob not for RPC, because (non-ancient) browsers will refuse to communicate due to lacking CORS headers. Electrum, from what I remember, does have those CORS headers, because it consists of a "server" and a (JavaScript-based) GUI "client". The problem there was that not just the client could talk to the server, but any website could.

Because of these missing headers, websites can't communicate with the RPC. Even if they could, they would need to know the username & password.

There's also a REST API which is unauthenticated, but only shows public info like blocks; it doesn't expose the wallet. It currently doesn't have CORS headers and probably shouldn't, but not so much for security reasons as for scope creep. See the discussion in #12040 for more context.
