Currently, v systems nodes using default settings have open, public APIs.
While 0.0.0.0 is sometimes desirable, the default shipped state should be more secure, for example, 127.0.0.1
I am adding an additional commit to #214 that makes the API serve on localhost only by default.
comparatively speaking, I think that Ethereum chooses to extreme an option, with the RPC disabled by default. I think that it makes the most sense to have the RPC enabled, but only served to localhost. This also allows the user to choose if they would like to use a reverse proxy or HTTP server like caddy to securely serve access to the endpoint via HTTPS.
faddat
commented
4 years ago
Currently, v systems nodes using default settings have open, public APIs.
While 0.0.0.0 is sometimes desirable, the default shipped state should be more secure, for example, 127.0.0.1
I am adding an additional commit to #214 that makes the API serve on localhost only by default.
comparatively speaking, I think that Ethereum chooses to extreme an option, with the RPC disabled by default. I think that it makes the most sense to have the RPC enabled, but only served to localhost. This also allows the user to choose if they would like to use a reverse proxy or HTTP server like caddy to securely serve access to the endpoint via HTTPS.