This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

eth wallet sec review issues #15012

Closed
diracdeltas opened this issue Aug 14, 2018 · 4 comments

diracdeltas commented Aug 14, 2018

  1. add rpcvhosts whitelist
  2. filtering issue: https://github.com/brave/browser-laptop/pull/14734/files#r209091856
  3. (not security but still a review issue that wasn't resolved): https://github.com/brave/browser-laptop/pull/14734/files#diff-2be38b3d97f35cd818780bac4be979c4R721

also get final security sign off from either @evq or @riastradh-brave

@tildelowengrimm

@evq will provide the right flag for rpcvhosts.

@tildelowengrimm

@ryanml is responsible for #2 on this list.

@tildelowengrimm

Should also alphabetize the sources in package.json. #14734 (comment)

evq commented Aug 14, 2018

rpcvhosts is actually not necessary - the default value for it is localhost [1]. if we wanted to set it "just in case" we could pass --rpcvhosts localhost but I confirmed it is not necessary against current geth launch flags:

[user@work:~/source/browser-laptop]% curl -X POST -H "content-type: application/json" --data '{"jsonrpc":"2.0","method":"admin_peers","params":[],"id":74}' work:40800
invalid host specified

[1] https://github.com/ethereum/go-ethereum/blob/5d7e18539e32cb4f1aafab8e977e28a7cd34da9c/node/defaults.go#L42
[2] https://github.com/ethereum/go-ethereum/blob/5d7e18539e32cb4f1aafab8e977e28a7cd34da9c/rpc/http.go#L318
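The kind of Host-header allowlist that produces the `invalid host specified` response in the comment above, as an added Go example (not go-ethereum's code and not part of the original thread). `vhostGuard`, `stubRPC` and `probe` are hypothetical names, and the requests are constructed in-process with `httptest` rather than sent to a real node.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// vhostGuard serves a request only if the hostname in its Host header is on
// the allowlist ("*" allows any host). A page that reaches the local RPC port
// through a rebound DNS name still sends its own name as Host, so it is refused.
func vhostGuard(allowed []string, next http.Handler) http.Handler {
	set := make(map[string]bool, len(allowed))
	for _, h := range allowed {
		set[strings.ToLower(h)] = true
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, err := net.SplitHostPort(r.Host)
		if err != nil {
			host = r.Host // Host header carried no port
		}
		if set["*"] || set[strings.ToLower(host)] {
			next.ServeHTTP(w, r)
			return
		}
		http.Error(w, "invalid host specified", http.StatusForbidden)
	})
}

// stubRPC stands in for the JSON-RPC endpoint (constructed reply).
func stubRPC() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, `{"jsonrpc":"2.0","id":74,"result":[]}`)
	})
}

// probe sends a constructed admin_peers POST with the given Host header
// and returns the HTTP status code the handler answered with.
func probe(h http.Handler, host string) int {
	body := strings.NewReader(`{"jsonrpc":"2.0","method":"admin_peers","params":[],"id":74}`)
	req := httptest.NewRequest(http.MethodPost, "/", body)
	req.Host = host
	req.Header.Set("Content-Type", "application/json")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	guarded := vhostGuard([]string{"localhost"}, stubRPC())
	for _, host := range []string{"localhost:40800", "work:40800", "rebind.example:40800"} {
		fmt.Printf("Host: %-22s -> %d\n", host, probe(guarded, host))
	}
}
```

This strict sketch compares names only, so a client must address the endpoint by an allowlisted name for the request to pass.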
