Document RPC security assumptions #1575

Merged
merged 3 commits into from Oct 21, 2016

@arcalinea
Contributor

@arcalinea arcalinea commented Oct 20, 2016

Document RPC security assumptions in security-warnings.md #965

RPC Interface
---------------

If the client knows the RPC password, they have full access to the node. Users should choose a strong RPC password, and refrain from changing the default setting that only allows RPC connections from localhost. A remote host would enable a MITM to execute arbitrary RPC commands. For multi-user services that use one or more zcashd instances on the backend, the parameters passed in by users should be controlled to prevent confused-deputy attacks which could spend from any keys held by that zcashd.
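
Review bot: In the third sentence, "A remote host would enable a MITM to execute arbitrary RPC commands" has the wrong subject: the exposure comes from allowing RPC connections from remote hosts, not from the remote host itself, and the sentence does not say what that means for funds held by the node. Suggest "Allowing connections from remote hosts would enable a MITM to execute arbitrary RPC commands" followed by the consequence. In the last sentence, "should be controlled" gives an operator nothing to check; say which user-supplied parameters matter, such as the method name and the address being spent from.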

@daira

daira Oct 20, 2016
Contributor

If the client knows the RPC password, they have at least full access to the node. In addition, certain RPC commands can be misused to overwrite files and/or take over the account that is running zcashd. (We may in future restrict those commands, but full node access –including the ability to spend from keys held by the wallet and export those keys– would still be possible unless wallet methods are disabled.)

Users should choose a strong RPC password, and refrain from changing the default setting that only allows RPC connections from localhost. Allowing connections from remote hosts would enable a MITM to execute arbitrary RPC commands, which could lead to compromise of the account running zcashd and loss of funds. For multi-user services that use one or more zcashd instances on the backend, the parameters passed in by users should be controlled to prevent confused-deputy attacks which could spend from any keys held by that zcashd.
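
The confused-deputy control described in the comment above, as an added example (not code from this pull request or from zcashd): a gate a multi-user service could run before forwarding a user's request to its zcashd backend. The `OWNED` table, the `authorize` function, the amount bound and the placeholder addresses are assumptions; `z_getbalance` and `z_sendmany` are zcashd RPC methods.

```python
# Hypothetical service-side record of which addresses were issued to which
# user. The addresses are constructed placeholders, not real Zcash addresses.
OWNED = {
    "alice": {"t1-constructed-alice"},
    "bob": {"t1-constructed-bob"},
}

# RPC methods the service forwards for users. Everything else (key export,
# file-writing and node-control commands) is rejected by default.
ALLOWED = {"z_getbalance", "z_sendmany"}
MAX_AMOUNT = 21_000_000  # assumed sanity bound per output, in ZEC


class Rejected(Exception):
    """The request must not be forwarded to zcashd."""


def _require_owned(user, addr):
    if not isinstance(addr, str) or addr not in OWNED.get(user, set()):
        raise Rejected("address is not held for this user")
    return addr


def authorize(user, method, params):
    """Return the (method, params) to forward to zcashd, or raise Rejected."""
    if method not in ALLOWED:
        raise Rejected(f"method {method!r} is not exposed to users")
    if not isinstance(params, list):
        raise Rejected("params must be a list")
    if method == "z_getbalance":
        if len(params) != 1:
            raise Rejected("expected exactly one parameter")
        return method, [_require_owned(user, params[0])]
    # z_sendmany: the source address is the authority being exercised, so it
    # must belong to the requesting user, not merely to the shared wallet.
    if len(params) != 2 or not isinstance(params[1], list) or not params[1]:
        raise Rejected("expected [fromaddress, amounts]")
    src = _require_owned(user, params[0])
    outputs = []
    for out in params[1]:
        addr = out.get("address") if isinstance(out, dict) else None
        amount = out.get("amount") if isinstance(out, dict) else None
        if not isinstance(addr, str) or isinstance(amount, bool) \
                or not isinstance(amount, (int, float)) \
                or not (0 < amount <= MAX_AMOUNT):  # also rejects NaN and inf
            raise Rejected("malformed output")
        # Rebuild the object so unexpected keys are never passed through.
        outputs.append({"address": addr, "amount": amount})
    return method, [src, outputs]
```

The gate returns rebuilt parameters instead of echoing the user's input, so only fields it has checked reach the node.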

@str4d

str4d Oct 20, 2016
Contributor

[comment] If no RPC username and password is set, zcashd will not start and prints an error message with a suggestion for a strong random RPC password.

@ZeroBit

ZeroBit Nov 3, 2016

Is it allowable to change rpcpassword from time to time? If I change password how will it affect my wallet and funds? Should I generate new z- and t- addrs?

@daira
Contributor

@daira daira commented Oct 20, 2016

ACK. @zkbot r+

@zkbot
Collaborator

@zkbot zkbot commented Oct 20, 2016

📌 Commit 78376ca has been approved by daira

@daira daira added this to the 1.0.0-rc2 milestone Oct 20, 2016
zkbot pushed a commit that referenced this pull request Oct 20, 2016
Document RPC security assumptions

Document RPC security assumptions in security-warnings.md #965
@zkbot
Collaborator

@zkbot zkbot commented Oct 20, 2016

Testing commit 78376ca with merge 78293a9...

@zkbot
Collaborator

@zkbot zkbot commented Oct 21, 2016

☀️ Test successful - zcash

@zkbot zkbot merged commit 78376ca into zcash:master Oct 21, 2016
1 check passed
homu Test successful