mirror of
https://github.com/XRPLF/rippled.git
synced 2025-12-06 17:27:55 +00:00
38c3a46a33
In order to facilitate transaction signing, `rippled` offers the `sign` and
`sign_for` and `submit` commands, which, given a seed, can be used to sign or
sign-and-submit transactions. These commands are accessible from the command
line, as well as over the WebSocket and RPC interfaces that `rippled` can be
configured to provide.
These commands, unfortunately, have significant security implications:
1. They require divulging an account's seed (commonly known as a "secret
key") to the server.
2. When executing these commands against remote servers, the seeds can be
transported over clear-text links.
3. When executing these commands over the command line, the account
seed may be visible using common tools that show running processes
and may potentially be inadvertently stored by system monitoring
tools or facilities designed to maintain a history of previously
typed commands.
While this commit cannot prevent users from issuing these commands to a
server, whether locally or remotely, it restricts the `sign` and `sign_for`
commands, as well as the `submit` command when used to sign-and-submit,
so that they require administrative privileges on the server.
Server operators that want to allow unrestricted signing can do so by
adding the following stanza to their configuration file:
[signing_support]
true
Ripple discourages server operators from doing so and advises against using
these commands, which will be removed in a future release. If you rely on
these commands for signing, please migrate to a standalone signing solution
as soon as possible. One option is to use `ripple-lib`; documentation is
available at https://developers.ripple.com/rippleapi-reference.html#sign.
If the commands are administratively enabled, the server includes a warning
on startup and adds a new field in the resulting JSON, informing the caller
that the commands are deprecated and may become unavailable at any time.
Acknowledgements:
Jesper Wallin for reporting this issue to Ripple.
Bug Bounties and Responsible Disclosures:
We welcome reviews of the rippled code and urge researchers to responsibly
disclose any issues that they may find. For more on Ripple's Bug Bounty
program, please visit: https://ripple.com/bug-bounty
81 lines
3.7 KiB
C++
81 lines
3.7 KiB
C++
//------------------------------------------------------------------------------
|
|
/*
|
|
This file is part of rippled: https://github.com/ripple/rippled
|
|
Copyright (c) 2012, 2013 Ripple Labs Inc.
|
|
|
|
Permission to use, copy, modify, and/or distribute this software for any
|
|
purpose with or without fee is hereby granted, provided that the above
|
|
copyright notice and this permission notice appear in all copies.
|
|
|
|
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
*/
|
|
//==============================================================================
|
|
|
|
#ifndef RIPPLE_CORE_CONFIGSECTIONS_H_INCLUDED
|
|
#define RIPPLE_CORE_CONFIGSECTIONS_H_INCLUDED
|
|
|
|
#include <string>
|
|
|
|
namespace ripple {
|
|
|
|
// VFALCO DEPRECATED in favor of the BasicConfig interface
|
|
struct ConfigSection
|
|
{
|
|
explicit ConfigSection() = default;
|
|
|
|
static std::string nodeDatabase () { return "node_db"; }
|
|
static std::string shardDatabase () { return "shard_db"; }
|
|
static std::string importNodeDatabase () { return "import_db"; }
|
|
};
|
|
|
|
// VFALCO TODO Rename and replace these macros with variables.
|
|
#define SECTION_AMENDMENTS "amendments"
|
|
#define SECTION_CLUSTER_NODES "cluster_nodes"
|
|
#define SECTION_DEBUG_LOGFILE "debug_logfile"
|
|
#define SECTION_ELB_SUPPORT "elb_support"
|
|
#define SECTION_FEE_DEFAULT "fee_default"
|
|
#define SECTION_FEE_OFFER "fee_offer"
|
|
#define SECTION_FEE_ACCOUNT_RESERVE "fee_account_reserve"
|
|
#define SECTION_FEE_OWNER_RESERVE "fee_owner_reserve"
|
|
#define SECTION_FETCH_DEPTH "fetch_depth"
|
|
#define SECTION_LEDGER_HISTORY "ledger_history"
|
|
#define SECTION_INSIGHT "insight"
|
|
#define SECTION_IPS "ips"
|
|
#define SECTION_IPS_FIXED "ips_fixed"
|
|
#define SECTION_NETWORK_QUORUM "network_quorum"
|
|
#define SECTION_NODE_SEED "node_seed"
|
|
#define SECTION_NODE_SIZE "node_size"
|
|
#define SECTION_PATH_SEARCH_OLD "path_search_old"
|
|
#define SECTION_PATH_SEARCH "path_search"
|
|
#define SECTION_PATH_SEARCH_FAST "path_search_fast"
|
|
#define SECTION_PATH_SEARCH_MAX "path_search_max"
|
|
#define SECTION_PEER_PRIVATE "peer_private"
|
|
#define SECTION_PEERS_MAX "peers_max"
|
|
#define SECTION_RPC_STARTUP "rpc_startup"
|
|
#define SECTION_SIGNING_SUPPORT "signing_support"
|
|
#define SECTION_SNTP "sntp_servers"
|
|
#define SECTION_SSL_VERIFY "ssl_verify"
|
|
#define SECTION_SSL_VERIFY_FILE "ssl_verify_file"
|
|
#define SECTION_SSL_VERIFY_DIR "ssl_verify_dir"
|
|
#define SECTION_VALIDATORS_FILE "validators_file"
|
|
#define SECTION_VALIDATION_SEED "validation_seed"
|
|
#define SECTION_WEBSOCKET_PING_FREQ "websocket_ping_frequency"
|
|
#define SECTION_VALIDATOR_KEYS "validator_keys"
|
|
#define SECTION_VALIDATOR_KEY_REVOCATION "validator_key_revocation"
|
|
#define SECTION_VALIDATOR_LIST_KEYS "validator_list_keys"
|
|
#define SECTION_VALIDATOR_LIST_SITES "validator_list_sites"
|
|
#define SECTION_VALIDATORS "validators"
|
|
#define SECTION_VALIDATOR_TOKEN "validator_token"
|
|
#define SECTION_VETO_AMENDMENTS "veto_amendments"
|
|
#define SECTION_WORKERS "workers"
|
|
|
|
} // ripple
|
|
|
|
#endif
|