phelixbtc
commented
9 years ago We should standardize a module for RPC access (even if we decide not to use it in this case because of security concerns). In most other places I use namerpc, e.g. here https://github.com/phelix/nameGUI/blob/master/lib/namerpc.py There are slightly different versions of it flying around of it, though, the nameGUI one is the latest.
The security point is good but I don't think it is a high priority as most users will use NMControl without AppArmor/SELinux (I am currently not aware of something similar on Windows). Are there any implications for configuration/setup? Then we could still add it as an option for security aware users.
The namecoind RPC interface in NMControl is an ugly hack. As far as I can tell it's violating the HTTP spec, and we're just lucky that it works at all. No one wants to maintain that code.
We have 2 options. We could replace it with something more standard. The Bitcoin devs recommend https://github.com/jgarzik/python-bitcoinrpc . That code is actively maintained, and Python3 support is being worked on (though isn't completely working yet). Alternatively, we could switch to relying on Namecoin Core's REST interface.
I would prefer to switch to REST and remove the RPC interface. The reason for this is that right now, NMControl has the capability to issue arbitrary RPC commands, including looking at private data relating to the wallet (although not signing transactions). I would like to restrict NMControl via AppArmor/SELinux or similar things, so that even if NMControl is somehow compromised, it can't do nasty things to namecoind, but this is only possible with the REST interface to namecoind.
Thoughts on this?