8000 docs: Emphasize docs on attack exposure for RPC in production by thanethomson · Pull Request #454 · cometbft/cometbft · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

docs: Emphasize docs on attack exposure for RPC in production #454

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Mar 7, 2023
Merged

docs: Emphasize docs on attack exposure for RPC in production #454

merged 7 commits into from
Mar 7, 2023

Conversation

thanethomson
Copy link
Contributor
@thanethomson thanethomson commented Mar 4, 2023
edited
Loading

For some reason this topic keeps coming up and I'd like us to emphasize this part of the documentation to put this topic to rest. Operators are, and have always been, ultimately responsible for securing their RPC endpoints if they choose to make them available publicly.

Rendered

PR checklist

  • Tests written/updated
  • Changelog entry added in .changelog (we use unclog to manage our changelog)
  • Updated relevant documentation (docs/ or spec/) and code comments

@thanethomson
docs: Expand note on DoS exposure for RPC
6b51c82 
Signed-off-by: Thane Thomson <connect@thanethomson.com>
@thanethomson
docs: Expand on full node/validator RPC exposure
8606877 
Signed-off-by: Thane Thomson <connect@thanethomson.com>
@thanethomson thanethomson added documentation Improvements or additions to documentation backport-to-v0.34.x Tell Mergify to backport the PR to v0.34.x backport-to-v0.37.x Tell Mergify to backport the PR to v0.37.x labels Mar 4, 2023
@thanethomson thanethomson requested a review from a team as a code owner March 4, 2023 13:19
thanethomson
thanethomson commented Mar 4, 2023
View reviewed changes
docs/core/running-in-production.md
not have access to expertise to assist you in doing so, rather do not expose
your RPC endpoint at all.

**Under no condition should any of the [unsafe RPC endpoints](../rpc/#/Unsafe)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This link will be properly rendered when the docs are deployed.

@thanethomson
docs: Remove mention of "DoS" to broaden notion of "attacks"
82751d5 
Signed-off-by: Thane Thomson <connect@thanethomson.com>
@thanethomson thanethomson changed the title docs: Emphasize docs on DoS exposure for RPC in production docs: Emphasize docs on attack exposure for RPC in production Mar 4, 2023
@thanethomson
Fix grammar
3eae62e 
Signed-off-by: Thane Thomson <connect@thanethomson.com>
@thanethomson
Restructure grammar in passive voice
8af98f8 
Signed-off-by: Thane Thomson <connect@thanethomson.com>
@thanethomson
Merge latest changes from main
31969a3 
Signed-off-by: Thane Thomson <connect@thanethomson.com>
@thanethomson
Fix grammar
c350557 
Signed-off-by: Thane Thomson <connect@thanethomson.com>
@mergify mergify bot merged commit 93c0edd into main Mar 7, 2023
@mergify mergify bot deleted the thane/docs/rpc-production branch March 7, 2023 18:53
mergify bot pushed a commit that referenced this pull request Mar 7, 2023
@thanethomson @mergify
docs: Emphasize docs on attack exposure for RPC in production (#454)
ba50532 
For some reason this topic keeps coming up and I'd like us to emphasize this part of the documentation to put this topic to rest. Operators are, and have always been, ultimately responsible for securing their RPC endpoints if they choose to make them available publicly.

[Rendered](https://github.com/cometbft/cometbft/blob/thane/docs/rpc-production/docs/core/running-in-production.md#rpc)

---

#### PR checklist

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog)
- [x] Updated relevant documentation (`docs/` or `spec/`) and code comments

(cherry picked from commit 93c0edd)
mergify bot pushed a commit that referenced this pull request Mar 7, 2023
@thanethomson @mergify
docs: Emphasize docs on attack exposure for RPC in production (#454)
460cfe5 
For some reason this topic keeps coming up and I'd like us to emphasize this part of the documentation to put this topic to rest. Operators are, and have always been, ultimately responsible for securing their RPC endpoints if they choose to make them available publicly.

[Rendered](https://github.com/cometbft/cometbft/blob/thane/docs/rpc-production/docs/core/running-in-production.md#rpc)

---

#### PR checklist

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog)
- [x] Updated relevant documentation (`docs/` or `spec/`) and code comments

(cherry picked from commit 93c0edd)

# Conflicts:
#	docs/core/running-in-production.md
This was referenced Mar 7, 2023
Merged
Merged
thanethomson added a commit that referenced this pull request Mar 8, 2023
@mergify @thanethomson
docs: Emphasize docs on attack exposure for RPC in production (#454) (#…
c61b679 
…480)

For some reason this topic keeps coming up and I'd like us to emphasize this part of the documentation to put this topic to rest. Operators are, and have always been, ultimately responsible for securing their RPC endpoints if they choose to make them available publicly.

[Rendered](https://github.com/cometbft/cometbft/blob/thane/docs/rpc-production/docs/core/running-in-production.md#rpc)

---

#### PR checklist

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog)
- [x] Updated relevant documentation (`docs/` or `spec/`) and code comments

(cherry picked from commit 93c0edd)

Co-authored-by: Thane Thomson <connect@thanethomson.com>
thanethomson added a commit that referenced this pull request Mar 8, 2023
@mergify @thanethomson
docs: Emphasize docs on attack exposure for RPC in production (backport
093b950 
#454) (#481)

* docs: Emphasize docs on attack exposure for RPC in production (#454)

For some reason this topic keeps coming up and I'd like us to emphasize this part of the documentation to put this topic to rest. Operators are, and have always been, ultimately responsible for securing their RPC endpoints if they choose to make them available publicly.

[Rendered](https://github.com/cometbft/cometbft/blob/thane/docs/rpc-production/docs/core/running-in-production.md#rpc)

---

#### PR checklist

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog)
- [x] Updated relevant documentation (`docs/` or `spec/`) and code comments

(cherry picked from commit 93c0edd)

# Conflicts:
#	docs/core/running-in-production.md

* Resolve conflicts

Signed-off-by: Thane Thomson <connect@thanethomson.com>

---------

Signed-off-by: Thane Thomson <connect@thanethomson.com>
Co-authored-by: Thane Thomson <connect@thanethomson.com>
roy-dydx pushed a commit to dydxprotocol/cometbft that referenced this pull request Jul 11, 2023
@mergify @thanethomson @roy-dydx
docs: Emphasize docs on attack exposure for RPC in production (cometb…
000ab86 
…ft#454) (cometbft#480)

For some reason this topic keeps coming up and I'd like us to emphasize this part of the documentation to put this topic to rest. Operators are, and have always been, ultimately responsible for securing their RPC endpoints if they choose to make them available publicly.

[Rendered](https://github.com/cometbft/cometbft/blob/thane/docs/rpc-production/docs/core/running-in-production.md#rpc)

---

#### PR checklist

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog)
- [x] Updated relevant documentation (`docs/` or `spec/`) and code comments

(cherry picked from commit 93c0edd)

Co-authored-by: Thane Thomson <connect@thanethomson.com>
@faddat faddat mentioned this pull request Jan 5, 2024
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lasarojc lasarojc lasarojc approved these changes

Assignees
No one assigned
Labels
automerge backport-to-v0.34.x Tell Mergify to backport the PR to v0.34.x backport-to-v0.37.x Tell Mergify to backport the PR to v0.37.x documentation Improvements or additions to documentation
Projects
No open projects
CometBFT 2023
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@thanethomson @lasarojc
0