Closed 0x234 closed 5 years ago
@jbunce good point! We are using Geth only for ENS resolution, so we hadn't considered if it is secure (which it is not) if people use it for other purposes.
Feel free to submit a PR, or we will update it when we get a chance.
Please don't allow wildcard access from * to
rpcvhosts
orwsorigins
. It only takes an accidental misconfiguration of a service to expose this to the outside world, and you could end up with a drained account. At a minimum you could consider limiting this to the ClusterIP range on your Kubernetes cluster.