1 2016-10-07 08:32:09 <nazarewk> is there some kind of access management proxy for bitcoind?
2 2016-10-07 08:32:32 <nazarewk> for rpc
3 2016-10-07 08:40:41 <arubi> nazarewk, bitcoind has a -rpcauth flag now along with a script in ./share/rpcuser/rpcuser.py to generate credentials, and you can set rpcauth multiple times. not sure if that's what you're looking for
4 2016-10-07 08:41:50 <nazarewk> i mean like giving access to specific commands
5 2016-10-07 08:42:01 <nazarewk> so i could set up read-only node
6 2016-10-07 08:42:24 <arubi> oh, there's the REST api that doesn't require credentials
7 2016-10-07 08:42:57 <arubi> it has some nice stuff, info coming out is public
8 2016-10-07 08:43:45 <arubi> I don't know of any actual access management for specific rpc commands
9 2016-10-07 08:44:39 <arubi> which commands do you want to run through that proxy?
10 2016-10-07 08:46:26 <nazarewk> it'd be primarily about accessing wallet
11 2016-10-07 08:47:37 <arubi> for what info?
12 2016-10-07 08:47:55 <nazarewk> basically i need to be able to create read-only server for my application
13 2016-10-07 08:48:35 <nazarewk> i'm the only dev in the project with access to production, which is extremely annoying at a times
14 2016-10-07 08:49:12 <arubi> and what type of info is in the wallet that you'd like to read?
15 2016-10-07 08:50:57 <nazarewk> primarily listsinceblock and gettransaction
16 2016-10-07 08:52:05 <arubi> so you're looking at specific transaction ids that the wallet tracks?
17 2016-10-07 08:54:12 <nazarewk> quite often we want to retrieve all wallet transaction since some time to check how much the data differs from what we have in database
18 2016-10-07 08:55:26 <nazarewk> and right now i'm the only one able to do this
19 2016-10-07 08:58:19 <arubi> okay, bitcoind has -blocknotify and -walletnotify flags that you can set to run commands when blocks come in, and/or transactions come in
20 2016-10-07 08:58:47 <nazarewk> now that i defined it i can kinda expose endpoint to admin users
21 2016-10-07 08:59:12 <nazarewk> yeah, we already use that
22 2016-10-07 08:59:50 <arubi> ok, so maybe folks shouldn't be really querying bitcoind for this stuff, but rather bitcoind should output the relevant info to some resource that you /can/ easily set access levels to
23 2016-10-07 08:59:59 <nazarewk> we've bitcoind on separate server and sometimes (as in during deploy) we miss those
24 2016-10-07 09:00:19 <arubi> well you do need to run rescan right?
25 2016-10-07 09:00:29 <arubi> these still run in rescans
26 2016-10-07 09:00:35 <nazarewk> then there is listsinceblock "iterator"
27 2016-10-07 09:00:51 <arubi> (maybe not blocknotify, but walletnotify does)
28 2016-10-07 09:00:55 <nazarewk> as a last resort some endpoint exposing raw bitcoind data would be nice
29 2016-10-07 09:01:21 <arubi> thing is bitcoind wasn't designed for this type of access by multiple users
30 2016-10-07 09:04:48 <nazarewk> now that i think of it i could make a separate table for storing this data in database
31 2016-10-07 09:13:31 <nazarewk> i obviously don't need one right now, but what do you think of a project that would manage access to RPC commands (based on command + arguments number/types), could apply rate limiting etc?
32 2016-10-07 09:15:20 <arubi> I think once the wallet is separated from bitcoind, rpc access management will be very useful
33 2016-10-07 09:16:33 <arubi> I guess you could still run bitcoind without a wallet at all, so yea. I think it's a nice thing to have
34 2016-10-07 09:18:06 <arubi> but, I think even the most insignificant read access to the wallet degrades by a lot to everyone involved
35 2016-10-07 09:25:10 <nazarewk> what exactly do you mean by separating wallet from bitcoind?
36 2016-10-07 09:26:27 <arubi> I think it's a long term goal to eventually separate node and wallet functionality, kinda like rpc client was separated from bitcoind a while ago into bitcoin-cli
37 2016-10-07 09:26:38 <arubi> I don't know how much it's actively worked on though
38 2016-10-07 13:13:59 <nazarewk> overriden blocks get entirely removed from blockchain?
39 2016-10-07 23:15:29 <achow101> can someone explain this https://twitter.com/lopp/status/784512941290819584 ?