Add security warnings for -prometheusmetrics option

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
str4d 2021-01-07 04:46:55 +13:00 committed by Jack Grigg
parent 523f969654
commit d0f468e1ce
2 changed files with 8 additions and 1 deletions

@ -30,6 +30,12 @@ You can see what each method provides with `zcash-cli help METHOD_NAME`.
`zcashd` can optionally expose an HTTP server that acts as a Prometheus scrape
endpoint. The server will respond to `GET` requests on any request path.
Note that HTTPS is not supported, and therefore connections to the endpoint are
not encrypted or authenticated. Access to the endpoint should be assumed to
compromise the privacy of node operations, by the provided metrics and/or by
timing side channels. Enabling the endpoint is **strongly discouraged** if the
node has a wallet holding live funds.
To enable the endpoint, add `-prometheusmetrics=<host_name>:<port>` to your
`zcashd` configuration (either in `zcash.conf` or on the command line). After
restarting `zcashd` you can then test the endpoint by querying it:
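
Review bot: The added paragraph ("Note that HTTPS is not supported ... holding live funds") says the endpoint is unencrypted and unauthenticated but gives no guidance to operators who enable it anyway. Because the very next sentence tells readers to set `-prometheusmetrics=<host_name>:<port>`, consider adding a line recommending that `<host_name>` be a loopback or otherwise non-public address and that the port be reachable only by the Prometheus scraper. It would also help to name which metrics are privacy-relevant, since "the provided metrics and/or timing side channels" leaves an operator of a wallet-less node unable to judge the exposure.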

@ -354,7 +354,8 @@ std::string HelpMessage(HelpMessageMode mode)
strUsage += HelpMessageOpt("-pid=<file>", strprintf(_("Specify pid file (default: %s)"), BITCOIN_PID_FILENAME));
#endif
strUsage += HelpMessageOpt("-prometheusmetrics=<host_name>:<port>", _("Expose node metrics in the Prometheus exposition format. "
"An HTTP listener will be started on the configured hostname and port, which responds to GET requests on any request path."));
"An HTTP listener will be started on the configured hostname and port, which responds to GET requests on any request path. "
"SECURITY WARNING: this can potentially compromise privacy; read contrib/metrics/README.md before enabling."));
strUsage += HelpMessageOpt("-prune=<n>", strprintf(_("Reduce storage requirements by pruning (deleting) old blocks. This mode disables wallet support and is incompatible with -txindex. "
"Warning: Reverting this setting requires re-downloading the entire blockchain. "
"(default: 0 = disable pruning blocks, >%u = target size in MiB to use for block files)"), MIN_DISK_SPACE_FOR_BLOCK_FILES / 1024 / 1024));