Warning: don’t use -server or bitcoind where you web browse (v0.3.2 and lower)

Bitcoin Talk

Don’t use the -server or -daemon switch or run bitcoind on a machine where you use a web browser.  It opens port 8332 on 127.0.0.1, the local loopback address, and you wouldn’t think that web browsers could cross-site access it, but it is possible.

We’re working on a release soon that puts a password on the JSON-RPC interface, but until then, avoid using the -server switch, and don’t web browse on the same machine where bitcoind is running.

Update:
The JSON-RPC HTTP authentication feature in 0.3.3 solves this problem.

74,927 total views, 28 views today

Related posts:

  1. Re: Warning: don’t use -server or bitcoind on a machine where you web browse Don’t use the -server or -daemon switch or run bitcoind...
  2. Re: bitcoind not responding to RPC Occasionally bitcoind will not respond to RPC I’m calling it...
  3. Re: bitcoind transaction to ip address I cant figure out how to send a transaction to...
  4. Re: Payment server Quote from: riX on January 27, 2010, 12:49:07 Wallets already...
  5. bitcoind without wxWidgets I replaced the last of the few wxBase dependencies in...
  6. Re: bitcoind not responding to RPC Weird I guess fopen() in php dies if the response...
https://bitcointalk.org/index.php?topic=479.msg4263#msg4263