question about setting on nodes.

nxt.allowedUserHosts=; localhost; SERVER_IP_ADDRESS; 0:0:0:0:0:0:0:1;

Do both of these - I am assuming they must, and have to, be added to each node's file in /conf?

I'm following some instructions though from NXT Forums and think that it is indeed the case.

nxt.allowedBotHosts=; localhost; [0:0:0:0:0:0:0:1];*;
was in the file, and the comments mentions that this allows http/json API requests.

I've added the *; and I am wondering what the implications are, is * necessary to get people (users / transactors) from any IP to access the wallet API?

However there was no:
nxt.allowedUserHosts=; localhost; SERVER_IP_ADDRESS; 0:0:0:0:0:0:0:1;

line in (from my clone). I am curious what this line does, I do not exactly know the explanation for this one. Should I concatenate *; to this line also, and what are its implications? I am uncertain of this. is for the default values. If you are building a clone you should change there only those default values you want to change.

The two properties you mention have reasonable defaults, is there any reason why you want to change those?

Both have explanatory descriptions.

Hi thank you. However I did not find
nxt.allowedUserHosts in my file and had to add it, which is why I am asking what its function or specific role is. I am slightly worried as you say it should be in there, but definitely was not. I will look in my other practice clones and see if it is in their default properties files.

I am reading some instructions to implement SSL for the peer ports in Apache so am a bit worried about exactly what I am doing, and am just unsure because it was not in the file (allowedUserHosts). Although of course not all of my nodes will be using apache, I would like to run others in nginx and so on, also. I think this may be a good idea for "extra" security to use different webservers to host my nodes.

I really found it quite remarkable that NXT has not been hacked, and wonder if there are articles as to why not? Are there any stories or reports (news) about such attempted hacks on the NXT blockchain, I find it quite interesting. I wish I could understand how it is so resistant itself, regardless of contextual settings like server security. Do more forging wallets improve security or only liquidty?

I mean other than this article, obviously it was the exchange security which was to blame and not the NXT blockchain.

So you are saying that forging is pretty critical for security, does more forgers improve liquidity and security, I don't really know. I should RTFM.

This news article though read reminds me of the Dread Pirate Roberts situation (he paid I think a total of 7022 yes, seven thousand) BTC to have his "victim" [the initial extortionist" murdered, although the "assassin [who was the one and same extortionist as the first]" was the victim posing as different characters... I saw such an interesting documentary about it, its quite amusing (imagine paying over 7000 BTC to go to jail for the rest of your life? Talk about a raw deal...). Poor kid.

I will focus my answer on this specific property nxt.allowedUserHosts. The rest of your post is more of a comment than an specific question.

You've probably seen this property on the code or default configuration file of the Nxt blockchain itself, not on the clone code. This is part of an old UI code that it's deprecated, disabled by default on Nxt, and not even available on the clone code.

In other words, it's useless on a clone built from the nxt-clone-starter repository.