Protect the Zebra RPC endpoint #8864

@oxarbitrage

Description

The Zebra RPC endpoint is currently unencrypted and accessible by anyone who knows the address and port. While the current recommendation is to restrict access to localhost or a trusted local network, there are cases where the endpoint needs to be open to the internet in production environments.

Implement one of the following authentication methods:

  • Basic HTTP Authentication: This method would require users to provide a username and password when connecting to the RPC endpoint.
  • Cookie-based Authentication: Similar to Zcashd, this method uses a randomly generated cookie stored on the file system to authenticate RPC connections.

We could implement just one of these methods or explore alternative solutions.

Authentication should be enabled by default but turning it off should be an option for testing purposes and setups where the endpoint is restricted to localhost or a private network.

Encryption of RPC traffic (for example using TLS) is not part of this ticket but might be considered in the future.
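A sketch of the cookie-based scheme described in the issue, written here as an added example (not Zebra's or zcashd's code): it generates a cookie credential, writes it to a file readable only by the node's own user, and checks an HTTP Basic `Authorization` header against it in constant time. Assumptions: Unix (`/dev/urandom`, 0600 file mode), standard library only, and the `__cookie__` user name plus `user:password` file layout are modelled on zcashd's cookie convention.

```rust
use std::fs::OpenOptions;
use std::io::{Read, Write};
use std::os::unix::fs::OpenOptionsExt;
use std::path::Path;

/// Read `n` bytes from the OS CSPRNG (assumption: Unix, no `rand` crate available).
fn random_bytes(n: usize) -> std::io::Result<Vec<u8>> {
    let mut buf = vec![0u8; n];
    std::fs::File::open("/dev/urandom")?.read_exact(&mut buf)?;
    Ok(buf)
}

/// Build a zcashd-style cookie credential: user `__cookie__`, 256-bit hex password.
fn new_cookie_credential() -> std::io::Result<(String, String)> {
    let pass: String = random_bytes(32)?.iter().map(|b| format!("{:02x}", b)).collect();
    Ok(("__cookie__".to_string(), pass))
}

/// Write `user:pass` to the cookie file, created with mode 0600 so only the node's user can read it.
fn write_cookie_file(path: &Path, user: &str, pass: &str) -> std::io::Result<()> {
    let mut f = OpenOptions::new().write(true).create(true).truncate(true).mode(0o600).open(path)?;
    writeln!(f, "{}:{}", user, pass)
}

/// Minimal base64 decoder (standard alphabet, '=' padding); None on any malformed input.
fn base64_decode(s: &str) -> Option<Vec<u8>> {
    const T: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in s.trim_end_matches('=').bytes() {
        acc = (acc << 6) | T.iter().position(|&t| t == c)? as u32;
        bits += 6;
        if bits >= 8 { bits -= 8; out.push((acc >> bits) as u8); acc &= (1 << bits) - 1; }
    }
    Some(out)
}

/// Constant-time byte comparison: a wrong password's timing reveals nothing about the prefix.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |d, (x, y)| d | (x ^ y)) == 0
}

/// Validate `Authorization: Basic <base64(user:pass)>` against the cookie credential.
fn authorize(header: Option<&str>, user: &str, pass: &str) -> bool {
    let b64 = match header.and_then(|h| h.strip_prefix("Basic ")) { Some(b) => b, None => return false };
    let raw = match base64_decode(b64.trim()) { Some(r) => r, None => return false };
    let expected = format!("{}:{}", user, pass);
    ct_eq(&raw, expected.as_bytes())
}
```

The `authorize` check rejects a missing header, a non-Basic scheme, malformed base64 and a wrong or truncated credential alike, so every failure path returns the same `false` without leaking which part was wrong.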

Labels

  • A-compatibility: Area: Compatibility with other nodes or wallets, or standard rules
  • A-rpc: Area: Remote Procedure Call interfaces
  • C-security: Category: Security issues
