[bitcoindev] Security implications of using pseudorandom JSON-RPC IDs

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Ali Sherief <ali@notatether•com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: [bitcoindev] Security implications of using pseudorandom JSON-RPC IDs
Date: Sat, 6 Apr 2024 22:57:16 -0700 (PDT)	[thread overview]
Message-ID: <a358aaac-62d5-4d30-a599-40c94da66c4fn@googlegroups.com> (raw)

[-- Attachment #1.1: Type: text/plain, Size: 975 bytes --]

I am trying to figure out how the Bitcoin Core RPC server stores the 
UniValue JSON-RPC requests.

The reason being is because I have an application that uses pseudorandom 
IDs for the JSON-RPC calls, and I'm trying to make sure that Core isn't 
going to send me someone else's JSON-RPC response if somebody else happens 
to be making a request with that ID at the same instant, which could be a 
potential security issue.

So far I don't have any leads on the Github codebase yet, but I'm still 
looking.

Anyway I would appreciate if someone would clarify this topic for me.

---
Ali

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups•com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/a358aaac-62d5-4d30-a599-40c94da66c4fn%40googlegroups.com.

[-- Attachment #1.2: Type: text/html, Size: 1346 bytes --]

next             reply	other threads:[~2024-04-07  6:19 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-07  5:57 Ali Sherief [this message]
     [not found] ` <xXMlG6tjc8Zq-mJ5J6mM8xCqSbzLeJMP6pHmaEsrmkmqXlTLhroNtaPtY16nHq0u5APSMY4F518X22fWSjRBQ_MWpqkfN-jnceZxHsZU14k=@proton.me>
     [not found]   ` <HKLeYC_TSyA-x9bqKW2ono6zSUV3XpVsu2S1uPMU3NBnXTGHxZ1bLx0K9YztYRK-3kKXsWtz0TCrKsNg5BkvNnNKzX9zwRtl5slNRVsLSzA=@notatether.com>
2024-04-07  8:03     ` Ali Sherief
2024-04-09 23:35       ` Antoine Riard

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=a358aaac-62d5-4d30-a599-40c94da66c4fn@googlegroups.com \
    --to=ali@notatether$(echo .)com \
    --cc=bitcoindev@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox