-
Notifications
You must be signed in to change notification settings - Fork 232
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement RPC authentication #1893
Comments
It seems like TLS might be preferred however we'll need to deal with certificate generation. Does this already exist or is documented anywhere? Otherwise we'll need to provide details around certificate gen and location so it can be passed in config. It looks like the genkeypair is for wallets and not related to TLS. |
Yeah right, |
Items discussed in dev chat:
rpcServer is the right place to implement this feature, given we want to offer protection from external gRPC connections and can secure with TLS. The thinking is that if/when this feature gets enabled, it will likely cause issues with mining software, like BZminer, where Auth will need to be provided (needs to be tested). The plan is to allow for TLS Auth as optional, not default. In doing so, this will avoid causing any issues with current configurations in miners. This feature would need to be configured to be enabled. More to come and I'll update progress but this is currently underway in development. Shoutout to the Kaspa devs in Discord for helping me navigate this and answering lots of questions 👍 |
Currently, many nodes have RPC ports potentially open to the world
Some manner of authentication should be implemented to mitigate it
Suggested solution: gRPC supports authentication out-of-the-box: https://grpc.io/docs/guides/auth/
The text was updated successfully, but these errors were encountered: