Background: I'm running a full node, but my Orwellian ISP bans peer-to-peer (even calls it out in the TOS); they have even warned me when they see ports open through my NAT. So to counter my ISP, I'm running bitcoin on TOR. This violates TOS, but they haven't detected my TOR config since I use bridges. I'm configured with -onlynet=onion so a lot of the exit-node threats would be neutralized.
Running bitcoin on TOR works great... but... this has the side effect of binding EXTERNAL traffic to 127.0.0.1. My fear is that opening up RPC requests with -rpcbind=127.0.0.1 would open me up to the world. Similar to -rpcbind=* (<== bad!!!).
Now, the one safeguard I have is that TOR only binds specified ports to 127.0.0.1 through their hidden services config.
So if I configure TOR to only bind to 127.0.0.1:8333, then go ahead and open up 127.0.0.1:8332 (locally, not TOR), should I be safe, or would I be foolhardy? This is my hot wallet I'm talking about.
BTW, the reason I'm not binding RPC to a fake addr like 0.0.0.0 is that I need RPC for walletpassphrase commands. I never felt good about issuing those through bitcoin-cli since the argument list is in the clear and viewable by any process or service on my box.
PS: I realize this is kind of a TOR-specific question, so I will likely cross-post to /r/TOR.
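An added example, not part of the original post: a check of the hidden-service port mappings the post relies on, listing every `HiddenServicePort` forward in a torrc and flagging any whose local target is the RPC port 8332. The sample torrc and its directory paths are constructed, and the check covers only the torrc, not bitcoind's own `-rpcbind`/`-rpcallowip` settings.

```python
# Constructed sample torrc (not from the post). The second service is a
# deliberate misconfiguration so the check has something to report.
SAMPLE_TORRC = """\
HiddenServiceDir /var/lib/tor/bitcoin-p2p/
HiddenServicePort 8333 127.0.0.1:8333
# constructed mistake: onion ports forwarded to the RPC port
HiddenServiceDir /var/lib/tor/other/
HiddenServicePort 80 127.0.0.1:8332
HiddenServicePort 8332
"""

def onion_forwards(torrc_text):
    """Return (service_dir, virtual_port, target_host, target_port) per HiddenServicePort line."""
    forwards, service = [], None
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not parts:
            continue
        key = parts[0].lower()                 # torrc option names are case-insensitive
        if key == "hiddenservicedir" and len(parts) > 1:
            service = parts[1]
        elif key == "hiddenserviceport" and len(parts) > 1:
            virt = int(parts[1])
            # With no target given, Tor forwards to the same port on 127.0.0.1.
            target = parts[2] if len(parts) > 2 else str(virt)
            if target.startswith("unix:"):     # unix socket target, no TCP port
                forwards.append((service, virt, target, None))
                continue
            host, _, port = target.rpartition(":")
            forwards.append((service, virt, host.strip("[]") or "127.0.0.1", int(port)))
    return forwards

def exposed_rpc(torrc_text, rpc_port=8332):
    """Forwards whose local target is the RPC port, i.e. RPC reachable from the onion side."""
    return [f for f in onion_forwards(torrc_text) if f[3] == rpc_port]

if __name__ == "__main__":
    for service, virt, host, port in exposed_rpc(SAMPLE_TORRC):
        print(f"{service}: onion port {virt} -> {host}:{port} (RPC port)")
```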
You mean something like example ninja stick? Little over 20 dollars. Yep, loopback adapter, it slows down the connection a little bit.