Actually... I'm still not sure it's the right move yet; I'm asking the kwil team. I'll open a new issue about this. If the risk is only data exposure of transactions, it might be minor in this phase.
Originally posted by @outerlook in #932 (comment)
From @brennanjl:

Yes, disabling ad hoc queries also disables chain.block. This is because chain.block returns the entirety of the block data (all of the raw transactions). If this was not the case, then attackers could use chain.block as a workaround to read sensitive network information when queries are disabled.

This is actually a perfect case where an RPC endpoint for querying a block header only would be ideal. It does not have the security concerns mentioned above because it doesn't return the raw transaction data for a block.
And I raised the question of whether it's as sensitive as enabling public direct access to the 8484 endpoints from nodes.