6

The doc on github says:

--allow-insecure-unlock Allow insecure account unlocking when account-related RPCs are exposed by http

And I have to add the option when starting geth, otherwise I can't unlock the account.


Questions

  • What does this option exactly mean? I read the doc and searched on Google, but still can't fully understand it.
  • Is it safe to use this option, will it create security holes?
Eric

1 Answer

7

If you access a geth node via the HTTP protocol, you can't unlock an account with personal.unlockAccount(web3.eth.account, password). If you try, you'll receive the error "account unlock with HTTP access is forbidden". So, to avoid that, you have to use the flag allow-insecure-unlock.

That is because the unlock operation is unsafe if the node is exposed externally. That "protection" was added in go-ethereum in PR #17037 (https://github.com/ethereum/go-ethereum/pull/17037).

Diego B
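
One way to check a node's start-up flags for the exposure described in the answer above (an added example, not part of the original answer or of go-ethereum). The function name and verdict strings are made up here; the flag names are geth's own, including the legacy --rpc spellings, and the sample command lines are constructed.

```shell
#!/bin/sh
# Added example: classify a geth command line by how far account unlocking
# is exposed. Function name and verdict strings are hypothetical.
audit_geth_unlock() {
    http=0; insecure=0; addr=127.0.0.1; apis=""; want=""
    for arg in "$@"; do
        # Consume the value of a preceding "--flag value" pair.
        case "$want" in
            addr) addr=$arg; want=""; continue ;;
            apis) apis=$arg; want=""; continue ;;
        esac
        case "$arg" in
            --http|--rpc)               http=1 ;;
            --allow-insecure-unlock)    insecure=1 ;;
            --http.addr=*|--rpcaddr=*)  addr=${arg#*=} ;;
            --http.addr|--rpcaddr)      want=addr ;;
            --http.api=*|--rpcapi=*)    apis=${arg#*=} ;;
            --http.api|--rpcapi)        want=apis ;;
        esac
    done
    # Without the flag, geth keeps refusing unlocks while HTTP is served.
    if [ "$insecure" -eq 0 ]; then echo "not-set"; return 0; fi
    # The flag only matters when the HTTP RPC server is actually enabled.
    if [ "$http" -eq 0 ]; then echo "set-but-http-off"; return 0; fi
    # personal.unlockAccount is callable over HTTP only if "personal" is listed.
    case ",$apis," in
        *,personal,*) suffix=" personal-over-http" ;;
        *)            suffix="" ;;
    esac
    # Any bind address other than loopback is reachable from other hosts.
    case "$addr" in
        127.*|localhost|::1) echo "loopback-only$suffix" ;;
        *)                   echo "network-exposed$suffix" ;;
    esac
    return 0
}

# Constructed sample command line: the combination to avoid.
audit_geth_unlock --http --http.addr 0.0.0.0 --http.api eth,personal \
    --allow-insecure-unlock
```

A "network-exposed" verdict means any host that can reach the HTTP port can use accounts once they are unlocked; keeping the listener on loopback or leaving the flag off removes that path.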