romanz / electrs

An efficient re-implementation of Electrum Server in Rust
MIT License
1.05k stars, 387 forks

Can an electrs server or a bitcoin node be exploited if exposed to the internet? #822

Open stn021 opened 1 year ago

stn021 commented 1 year ago

Hello, I have installed electrs, a bitcoin-node and the btc-rpc-explorer. All work. Thank you to romanz and all contributors for electrs.

I would really like to use the server with all these programs not only at home but also elsewhere. For that case there are warnings to do this only with protection schemes like a Tor service, a firewall, authentication, etc.

In my case there are no active wallets involved, so no keys can be stolen. I am not aware that any private or confidential information is stored. All three programs simply access the publicly available data on the bitcoin-blockchain.

Can an electrs server or a bitcoin node or the btc-rpc-explorer really be misused under these conditions if somebody else logs in?

romanz commented 1 year ago

Great to hear, thanks!

Please note that querying a history of a popular address can take a lot of CPU & I/O resources, and can be used as a remote denial-of-service vector if not handled properly. IIRC, ElectrumX is more resistant to such issues (compared to electrs).
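One defensive approach to the resource-exhaustion vector described above is per-session cost accounting, in the spirit of the session cost limits ElectrumX applies: every request is charged a cost that grows with the work it causes, a session over a soft limit is throttled, and one over a hard limit is disconnected. The sketch below is an added illustration, not code from electrs or ElectrumX; the method costs, limits, decay rate and the demo history sizes are constructed numbers.

```python
import json
from dataclasses import dataclass

# Constructed cost model (abstract units per Electrum JSON-RPC method).
# get_history is the expensive call: CPU and I/O grow with the address history length.
BASE_COST = {
    "server.version": 1,
    "blockchain.scripthash.get_balance": 5,
    "blockchain.scripthash.get_history": 20,
    "blockchain.transaction.get": 5,
}
PER_ITEM_COST = {"blockchain.scripthash.get_history": 1}  # extra cost per returned item

SOFT_LIMIT = 100    # above this the session is throttled (constructed value)
HARD_LIMIT = 200    # above this the session is disconnected (constructed value)
DECAY_PER_SEC = 10  # cost paid back per idle second, so well-behaved clients recover


@dataclass
class Session:
    cost: float = 0.0
    last_seen: float = 0.0
    disconnected: bool = False


def decay(session: Session, now: float) -> None:
    """Refund accumulated cost for the time elapsed since the last request."""
    elapsed = max(0.0, now - session.last_seen)
    session.cost = max(0.0, session.cost - DECAY_PER_SEC * elapsed)
    session.last_seen = now


def charge(session: Session, request_json: str, result_items: int, now: float) -> str:
    """Account one request and return the decision: 'ok', 'throttle' or 'disconnect'."""
    if session.disconnected:
        return "disconnect"
    decay(session, now)
    method = json.loads(request_json).get("method", "")
    session.cost += BASE_COST.get(method, 2) + PER_ITEM_COST.get(method, 0) * result_items
    if session.cost > HARD_LIMIT:
        session.disconnected = True
        return "disconnect"
    return "throttle" if session.cost > SOFT_LIMIT else "ok"


def simulate(history_sizes, now: float = 0.0):
    """Constructed demo: one session asks for get_history repeatedly at the same instant."""
    session = Session(last_seen=now)
    req = '{"id": 1, "method": "blockchain.scripthash.get_history", "params": ["<scripthash>"]}'
    return [charge(session, req, n, now) for n in history_sizes]
```

A single query for a popular address (hundreds of history items) trips the hard limit immediately, while a client fetching modest histories is only slowed down once it bursts.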

Kixunil commented 1 year ago

I think we should have SECURITY.md to explain all this in detail.