14:30:51 Was looking over the monero-gui and from what I can tell it runs the wallet rpc locally without any authorization. Am I understanding this correctly?
14:31:24 I'm ignoring the whole wallet unlock and close access control portion
14:31:27 No
14:32:11 clarify: wdym about runs the wallet rpc?
14:33:28 The wallet not daemon rpc, so default for mainnet it would be on the local network at 127.0.0.1:18088
14:36:46 overall my concern/thought was with a simple curl command if the user has their wallet open when running a local node with the usage of monero-gui, the wallet could be swept. So it would be a low difficulty, opportunistic way to steal funds. E.g. hey here's this new cool monero tool I made, person downloads or pulls in dependency and has their gui wallet unlocked, and the package build does a local curl request sweeping the wallet
14:43:00 the daemon is not a wallet remember
14:47:11 ahhh this doesn't use the wallet rpc at all, uses wallet2 native bindings for all wallet interactions it seems
15:07:16 wallet2_api
15:07:17 18088 isn't a default port for anything