Topic: Please stop using rpcallowip=* in your Configuration Examples (Read 7167 times)

Yes, I have seen a bit of that also. I would also think those who have set up services would have more knowledge then the average newbie trying to set up a wallet.

Especially cringe worthy to me are coin service providers that use phpMyAdmin to manage databases on services that handle users coins. I admit to using it on coin explorers, mostly the server with the CCE3 test explorers, but never on any of my sites that handle other peoples coins (My pools). The command line console for mysql is not that hard to learn and use and MANY times more secure then phpMyAdmin.
Call me old fashioned, but I want as few ports and exposure to the Internet as possible when handling other peoples assets.

The loopback address ( 127.0.0.1 aka localhost ) works without needing special mention in the config file or commandline args.

Which of course is yet another reason not to run on a shared machine.

-MarkM-

Your help would be very appreciated

thank you for the info. So we don't even need rpcallowip= ?
With the user name and pass, do you create that yourself and make sure it matches the .conf?
Or do we use the shortcut target "-server" method for all coins?

Thank you for your reminding 

While you are at it maybe for people who set up exchanges on shared hosting all the ancient GCI-script etc advices saying to use chmod 777 could also be worth warning against...

-MarkM-

Thanks for the information

I have been noticing a trend of really bad configuration file examples lately. While most are harmless, one parameter poses a large security risk to the user.


1. rpcallowip is only needed in special situations where one wants to allow the client/daemon to accept RPC connections outside the localhost. Generally solo miners who want to point their rigs to a single daemon on the network.

2. rpcallowip=*  tells the client/daemon to accept RPC connections from anybody-anywhere. If the rpcallowip setting is needed, restrict it to a certain IP address or network. For example:

This will restrict connections to hosts 192.168.1.0 - 192.168.1.255(The typical private subnet used on home networks)

Other oddballs:

Unless you need to change the RPC or P2P port from the default in the client/daemon, there is no need for this.
Any of these extra settings are not needed and they are on by default or in the case of daemon=1 normally passed as a command line option as it only effects the non gui command line daemon.


A typical user configuration file only needs:

This is even optional as it sets the QT client to accept RPC commands, but harmless if set and not used. Some QT clients need this to use the RPC console in the debug menu.

Required for the most part

 Required for the most part.



Other useful parameters:

 This gives the client/daemon a node to try every time it starts. Useful for new coins with no seed nodes hard coded in the source, or new coins with few nodes.

 This tells the client/daemon to build a full transaction index and allow one to retrieve non-wallet transactions typically through the "getrawtransaction 1" command. If added after the client has already started building or has built the block chain database, the switch "-reindex" will need to be used one time after the parameter has been added.