Closed ghost closed 9 months ago
I think that this issue was resolved by https://github.com/romanz/electrs/commit/bf78c131cffbe1edb7c32dcb4baf68396b0f723b, which was released in 0.9.9 version.
@4ezb2 Are you sure this still happens on 0.10.1 version?
@romanz Yes, I recently updated the version to 0.10.1 and my server has been running successfully for quiet a while.. But, honestly I am not familiar with all of the intricacies of how "wallets" interact with my electrs server in the background. Instead, I simply know how to manually configure them to connect correctly.
Anyway, I'd like to clarify that this INFO message shows up ever time I use my self-hsoted mempool in the browser to search for e.g. address balance or transaction id. However, I just double checked my electrs server to find that there is nothing else in the logs besides this INFO message. Meaning that, the message simply ends with "[...] history called for unsubscribed scripthash" and there is no semicolon, nor anything else. So perhaps, I jumped to conclusions too fast and there is no sensitive data leaked in the logs after all.
INFO your wallet uses less efficient method of querying electrs, consider contacting the developer of your wallet. Reason: blockchain.scripthash.get_history called for unsubscribed scripthash
@4ezb2 I noticed you mention mempool. It's quite likely you're using their fork not this version. If so please open issues at their repo next time, not here.
We should really do something about it, these issues are repeating and responding to them is inefficient.
Hi @Kixunil, I am not running their fork, as mentioned above deployment method: manual.
And, I did open an issue there too #4496, but like I said I am not familiar with all of the intricacies of how "wallets" or "mempool" interacts with my electrs server in the background. Instead, I only know how to manually configure and maintain them correctly.
Description
electrs leaking privacy sensitive scripthash values into logs, while exploring self-hosted mempool.space in the browser
Many thanks for looking into this issue!
Version
electrs server 10.1, and mempool 2.5
Steps to reproduce
Expected behaviour
no leak of privacy sensitive scripthash values into logs
Actual behaviour
leak of privacy sensitive scripthash values into logs
System running electrs server
/etc/nginx/streams-enabled/electrs.conf
upstream electrs { server 127.0.0.1:50001; }
server { listen 50002 ssl; proxy_pass electrs; }
/mempool/backend/v2.5.0_mempool-config.json
Note that, the default config for mempool refers to electrs server as "electrum" backend...
{ "MEMPOOL": { "NETWORK": "mainnet", "BACKEND": "electrum", "ENABLED": true }, }, "ELECTRUM": { "HOST": "127.0.0.1", "PORT": 50002, "TLS_ENABLED": true },