dash/blackcoin-more
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rpc: Remove chain-specific RequireRPCPassword

Browse Source 
I've never liked the chain-specific exception to having to set a
password. It gives issues with #6388 which makes it valid to
set no password in every case (as it enables random cookie authentication).

This pull removes the flag, so that all chains are regarded the same.

It also removes the username==password test, which doesn't provide any
substantial extra security.
This commit is contained in:
Wladimir J. van der Laan
2015-07-08 14:47:39 +02:00
parent 11576a57d2
commit 85ee55b5c3
3 changed files with 1 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/rpcserver.cpp
View File

@@ -598,8 +598,7 @@ void StartRPCThreads()
LogPrint("rpc", "Allowing RPC connections from: %s\n", strAllowed);
strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"];
if (((mapArgs["-rpcpassword"] == "") ||
(mapArgs["-rpcuser"] == mapArgs["-rpcpassword"])) && Params().RequireRPCPassword())
if (mapArgs["-rpcpassword"] == "")
{
unsigned char rand_pwd[32];
GetRandBytes(rand_pwd, 32);