I have been noticing a trend of really bad configuration file examples lately. While most are harmless, one parameter poses a large security risk to the user.
1. rpcallowip is only needed in special situations where one wants to allow the client/daemon to accept RPC connections outside the localhost. Generally solo miners who want to point their rigs to a single daemon on the network.
2. rpcallowip=* tells the client/daemon to accept RPC connections from anybody-anywhere. If the rpcallowip setting is needed, restrict it to a certain IP address or network. For example:
This will restrict connections to hosts 192.168.1.0 - 192.168.1.255(The typical private subnet used on home networks)
Other oddballs:
rpcport=<port> or port=<port>
Unless you need to change the RPC or P2P port from the default in the client/daemon, there is no need for this.
Any of these extra settings are not needed and they are on by default or in the case of daemon=1 normally passed as a command line option as it only effects the non gui command line daemon.
A typical user configuration file only needs:
This is even optional as it sets the QT client to accept RPC commands, but harmless if set and not used. Some QT clients need this to use the RPC console in the debug menu.
Required for the most part
Required for the most part.
Other useful parameters:
This gives the client/daemon a node to try every time it starts. Useful for new coins with no seed nodes hard coded in the source, or new coins with few nodes.
This tells the client/daemon to build a full transaction index and allow one to retrieve non-wallet transactions typically through the "getrawtransaction <txid> 1" command. If added after the client has already started building or has built the block chain database, the switch "-reindex" will need to be used one time after the parameter has been added.
