mirror of
https://github.com/dashpay/dash.git
synced 2024-12-24 19:42:46 +01:00
15799 / 15223 Dashification
Signed-off-by: pasta <pasta@dashboost.org>
parent
fd0a1cf410
commit
a2652e5648
@ -7,7 +7,7 @@ Dialog.
|
||||
|
||||
## Versioning
|
||||
|
||||
The RPC interface might change from one major version of Bitcoin Core to the
|
||||
The RPC interface might change from one major version of Dash Core to the
|
||||
next. This makes the RPC interface implicitly versioned on the major version.
|
||||
The version tuple can be retrieved by e.g. the `getnetworkinfo` RPC in
|
||||
`version`.
|
||||
@ -19,21 +19,21 @@ were deprecated and how to re-enable them temporarily.
|
||||
|
||||
## Security
|
||||
|
||||
The RPC interface allows other programs to control Bitcoin Core,
|
||||
The RPC interface allows other programs to control Dash Core,
|
||||
including the ability to spend funds from your wallets, affect consensus
|
||||
verification, read private data, and otherwise perform operations that
|
||||
can cause loss of money, data, or privacy. This section suggests how
|
||||
you should use and configure Bitcoin Core to reduce the risk that its
|
||||
you should use and configure Dash Core to reduce the risk that its
|
||||
RPC interface will be abused.
|
||||
|
||||
- **Securing the executable:** Anyone with physical or remote access to
|
||||
the computer, container, or virtual machine running Bitcoin Core can
|
||||
the computer, container, or virtual machine running Dash Core can
|
||||
compromise either the whole program or just the RPC interface. This
|
||||
includes being able to record any passphrases you enter for unlocking
|
||||
your encrypted wallets or changing settings so that your Bitcoin Core
|
||||
your encrypted wallets or changing settings so that your Dash Core
|
||||
program tells you that certain transactions have multiple
|
||||
confirmations even when they aren't part of the best block chain. For
|
||||
this reason, you should not use Bitcoin Core for security sensitive
|
||||
this reason, you should not use Dash Core for security sensitive
|
||||
operations on systems you do not exclusively control, such as shared
|
||||
computers or virtual private servers.
|
||||
|
||||
@ -43,43 +43,43 @@ RPC interface will be abused.
|
||||
and passphrase). Any program on your computer with access to the file
|
||||
system and local network can obtain this level of access.
|
||||
Additionally, other programs on your computer can attempt to provide
|
||||
an RPC interface on the same port as used by Bitcoin Core in order to
|
||||
an RPC interface on the same port as used by Dash Core in order to
|
||||
trick you into revealing your authentication credentials. For this
|
||||
reason, it is important to only use Bitcoin Core for
|
||||
reason, it is important to only use Dash Core for
|
||||
security-sensitive operations on a computer whose other programs you
|
||||
trust.
|
||||
|
||||
- **Securing remote network access:** You may optionally allow other
|
||||
computers to remotely control Bitcoin Core by setting the `rpcallowip`
|
||||
computers to remotely control Dash Core by setting the `rpcallowip`
|
||||
and `rpcbind` configuration parameters. These settings are only meant
|
||||
for enabling connections over secure private networks or connections
|
||||
that have been otherwise secured (e.g. using a VPN or port forwarding
|
||||
with SSH or stunnel). **Do not enable RPC connections over the public
|
||||
Internet.** Although Bitcoin Core's RPC interface does use
|
||||
Internet.** Although Dash Core's RPC interface does use
|
||||
authentication, it does not use encryption, so your login credentials
|
||||
are sent as clear text that can be read by anyone on your network
|
||||
path. Additionally, the RPC interface has not been hardened to
|
||||
withstand arbitrary Internet traffic, so changing the above settings
|
||||
to expose it to the Internet (even using something like a Tor hidden
|
||||
service) could expose you to unconsidered vulnerabilities. See
|
||||
`bitcoind -help` for more information about these settings and other
|
||||
`dashd -help` for more information about these settings and other
|
||||
settings described in this document.
|
||||
|
||||
Related, if you use Bitcoin Core inside a Docker container, you may
|
||||
Related, if you use Dash Core inside a Docker container, you may
|
||||
need to expose the RPC port to the host system. The default way to
|
||||
do this in Docker also exposes the port to the public Internet.
|
||||
Instead, expose it only on the host system's localhost, for example:
|
||||
`-p 127.0.0.1:8332:8332`
|
||||
|
||||
- **Secure authentication:** By default, Bitcoin Core generates unique
|
||||
- **Secure authentication:** By default, Dash Core generates unique
|
||||
login credentials each time it restarts and puts them into a file
|
||||
readable only by the user that started Bitcoin Core, allowing any of
|
||||
readable only by the user that started Dash Core, allowing any of
|
||||
that user's RPC clients with read access to the file to login
|
||||
automatically. The file is `.cookie` in the Bitcoin Core
|
||||
automatically. The file is `.cookie` in the Dash Core
|
||||
configuration directory, and using these credentials is the preferred
|
||||
RPC authentication method. If you need to generate static login
|
||||
credentials for your programs, you can use the script in the
|
||||
`share/rpcauth` directory in the Bitcoin Core source tree. As a final
|
||||
`share/rpcauth` directory in the Dash Core source tree. As a final
|
||||
fallback, you can directly use manually-chosen `rpcuser` and
|
||||
`rpcpassword` configuration parameters---but you must ensure that you
|
||||
choose a strong and unique passphrase (and still don't use insecure
|
||||
|
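Review bot: The Docker example left as unchanged context in this hunk, `-p 127.0.0.1:8332:8332`, still publishes 8332, which is Bitcoin Core's default RPC port, while every surrounding sentence now says Dash Core. Dash Core's default mainnet RPC port is 9998, so a reader who copies the line will map a port that dashd is not listening on unless `rpcport` was changed. Suggest updating the example to `-p 127.0.0.1:9998:9998` in this commit, keeping the `127.0.0.1` prefix so the port is published only on the host's loopback interface.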