This repository has been archived by the owner on Nov 6, 2020. It is now read-only.

Relock account from personal_unlockAccount after first usage #1086

Closed
NikVolf opened this issue May 14, 2016 · 3 comments
Labels
F1-security 🛡 The client fails to follow expected, security-sensitive, behaviour. P7-nicetohave 🐕 Issue is worth doing eventually.

Comments

@NikVolf
Contributor

NikVolf commented May 14, 2016

Can prevent a brute-force attack vector when RPC is exposed to the public and the user never unlocks accounts.

@gavofyork
Contributor

tbh this API is dangerous and should just be removed.

@gavofyork
Contributor

if we keep it, it shouldn't be a timeout but rather until the first usage (i.e. eth_sendTransaction), after which it should be locked again.

gavofyork changed the title from "Add timeout for personal_unlockAccount request" to "Relock account from personal_unlockAccount after first usage" on May 17, 2016

gavofyork added the labels F1-security 🛡 (The client fails to follow expected, security-sensitive, behaviour.) and P7-nicetohave 🐕 (Issue is worth doing eventually.) on May 17, 2016

gavofyork self-assigned this on May 21, 2016

@gavofyork
Contributor

Fixed in #1120
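
The difference between the original title (a timeout) and the final one (relock after first usage) can be seen in a small model. This is an added example, not Parity's code or the change in #1120; `Store`, `Policy`, the tick-based clock and the sample account and password are all assumptions made for illustration.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum Error { UnknownAccount, BadPassword, Locked }

#[derive(Clone, Copy)]
pub enum Policy { Timed { ttl: u64 }, OneShot }

enum State { Locked, UnlockedUntil(u64), UnlockedOnce }

// Hypothetical in-memory account store; time is a caller-supplied tick counter.
pub struct Store { policy: Policy, passwords: HashMap<String, String>, states: HashMap<String, State> }

impl Store {
    pub fn new(policy: Policy, account: &str, password: &str) -> Self {
        let mut passwords = HashMap::new();
        passwords.insert(account.to_string(), password.to_string());
        Store { policy, passwords, states: HashMap::new() }
    }

    // Models personal_unlockAccount; the string compare stands in for keystore decryption.
    pub fn unlock(&mut self, account: &str, password: &str, now: u64) -> Result<(), Error> {
        let stored = self.passwords.get(account).ok_or(Error::UnknownAccount)?;
        if stored.as_str() != password { return Err(Error::BadPassword); }
        let state = match self.policy {
            Policy::Timed { ttl } => State::UnlockedUntil(now + ttl),
            Policy::OneShot => State::UnlockedOnce,
        };
        self.states.insert(account.to_string(), state);
        Ok(())
    }

    // Models eth_sendTransaction: Ok(()) means the node would sign with the account key.
    pub fn send_transaction(&mut self, account: &str, now: u64) -> Result<(), Error> {
        let state = self.states.get_mut(account).ok_or(Error::Locked)?;
        match *state {
            State::UnlockedOnce => { *state = State::Locked; Ok(()) } // relock on first use
            State::UnlockedUntil(deadline) if now < deadline => Ok(()),
            _ => { *state = State::Locked; Err(Error::Locked) }
        }
    }
}

// Owner unlocks and sends once; reports the outcome of a second, later request.
pub fn second_request(policy: Policy) -> Result<(), Error> {
    let mut store = Store::new(policy, "0xACCOUNT", "constructed-password");
    store.unlock("0xACCOUNT", "constructed-password", 0).unwrap();
    store.send_transaction("0xACCOUNT", 1).unwrap();
    store.send_transaction("0xACCOUNT", 2)
}

fn main() {
    println!("timed:    {:?}", second_request(Policy::Timed { ttl: 300 }));
    println!("one-shot: {:?}", second_request(Policy::OneShot));
}
```

Under the timed policy any request that reaches the RPC endpoint inside the window is signed; under the one-shot policy the account is locked again as soon as the first transaction has used it.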
