[c-lightning] rpc command whitelist
William Casarin
jb55 at jb55.com
Sun Dec 30 02:01:24 AEDT 2018
Hello clightningers,
I'm looking to isolate my clightning node from one of my applications.
The reasoning is: I'm currently hosting my app in an untrusted
environment, a digital ocean vps. To avoid potential side channel
attacks I figured it would be better to simply host my node on a machine
I control.
To make this work I had to use socat to forward the lightning socket
over a VPS.
The main issue now is I would like to restrict the application to only a
few commands, such as invoice, waitforinvoices, listinvoices, etc.
What do you think would be the best way to go about this? An idea I had
was to make a proxy server that intercepts and filters the jsonrpc
requests.
Does it make sense to implement something like this directly in
lightningd?
Cheers,
Will
--
https://jb55.com
More information about the c-lightning
mailing list