Hello, I have a local blockchain: Geth client, 2 nodes and the clique proof-of-authority algorithm.
I start geth with this command:
    geth --datadir node2/ --syncmode 'full' --port 30312 \
      --rpc --rpcport 8546 --rpccorsdomain "*" \
      --ipcpath geth.ipc --rpcapi 'personal,db,eth,net,web3,txpool,miner' \
      --bootnodes 'enode://702efed8e606...ad041b4371a91989@127.0.0.1:30310' \
      --networkid 2456 --gasprice '1' --mine \
      --unlock '0x46004DEAfddb60d11cA04501df8C52aE4679Be8f' --password password.txt
But because of the unlock, now everyone can transfer ether from this account to some other account, like so:
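    const Web3 = require("web3");
    // HTTP RPC endpoint of the node that was started with --unlock
    const web3Client = new Web3(new Web3.providers.HttpProvider("http://localhost:8546"));

    (async () => {
      // No password is supplied here: the node signs with the already unlocked account
      await web3Client.eth.sendTransaction({
        from: "0x46004DEAfddb60d11cA04501df8C52aE4679Be8f",
        to: "0xE77e5634A46153e1cfCa02350cf212BdbC18fbC6",
        value: 23
      });
    })();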
But if I remove --unlock from the geth command, I can no longer seal blocks:
WARN [06-01|14:44:52] Block sealing failed err="authentication needed: password or unlock"
Is it possible to seal blocks without having to unlock the account?
Best Answer
The sealer account has to be unlocked, otherwise you cannot sign and you'll not be able to seal blocks.
From the security perspective, it's a bad idea to have an RPC port open at a sealer node. While in test, you can do it like this, but if you plan to set up the production environment, I would recommend having a separate node for the sealer.
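A static check for the exposure discussed in this thread, as an added example that is not part of the original question or answer: it flags a geth command line that combines an unlocked account with the HTTP RPC, recognising only the flag names used in the question. `parseFlags`, `auditGethArgs` and the finding labels are hypothetical, and the split sealer/RPC argument lists are constructed.

```javascript
// Added example. auditGethArgs and parseFlags are hypothetical helpers, not geth or web3 APIs.
function parseFlags(argv) {
  // Map each --flag to its value; a flag followed by another flag (--rpc, --mine) is a bare switch.
  const flags = {};
  for (let i = 0; i < argv.length; i++) {
    if (!argv[i].startsWith("--")) continue;
    const eq = argv[i].indexOf("=");
    const name = argv[i].slice(2, eq === -1 ? undefined : eq);
    const next = argv[i + 1];
    if (eq !== -1) flags[name] = argv[i].slice(eq + 1);
    else if (next !== undefined && !next.startsWith("--")) flags[name] = argv[++i];
    else flags[name] = true;
  }
  return flags;
}

function auditGethArgs(argv) {
  const f = parseFlags(argv);
  const httpRpc = f.rpc !== undefined;
  const apis = typeof f.rpcapi === "string" ? f.rpcapi.split(",").map((s) => s.trim()) : [];
  const findings = [];
  // Any client that reaches the HTTP port can spend from an account the node keeps unlocked.
  if (httpRpc && f.unlock) findings.push("unlocked-account-on-http-rpc");
  // Account-management and mining-control namespaces offered over HTTP.
  for (const ns of ["personal", "miner"]) {
    if (httpRpc && apis.includes(ns)) findings.push(ns + "-api-on-http-rpc");
  }
  // "*" lets any web page opened in a browser that can reach the port call the RPC.
  if (httpRpc && f.rpccorsdomain === "*") findings.push("wildcard-cors");
  return findings;
}

// The question's flags (datadir, port, bootnode and network flags left out; the checks ignore them).
const questionNode = ["--rpc", "--rpcport", "8546", "--rpccorsdomain", "*",
  "--rpcapi", "personal,db,eth,net,web3,txpool,miner", "--mine",
  "--unlock", "0x46004DEAfddb60d11cA04501df8C52aE4679Be8f", "--password", "password.txt"];
// Constructed split following the answer: sealer without HTTP RPC, RPC node without an unlocked account.
const sealerNode = ["--mine", "--unlock", "0x46004DEAfddb60d11cA04501df8C52aE4679Be8f",
  "--password", "password.txt"];
const rpcNode = ["--rpc", "--rpcport", "8546", "--rpcapi", "eth,net,web3"];

for (const [label, argv] of Object.entries({ questionNode, sealerNode, rpcNode })) {
  console.log(label, auditGethArgs(argv));
}
```

The question's command yields all four findings, while the split pair yields none: the sealer still runs unlocked, but nothing listens on HTTP for it.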