RPC: Forbid RPC username == RPC password
Added security measure.
This commit is contained in:
parent
6caffb5358
commit
7e1610d51e
@ -748,7 +748,8 @@ void ThreadRPCServer2(void* parg)
|
|||||||
printf("ThreadRPCServer started\n");
|
printf("ThreadRPCServer started\n");
|
||||||
|
|
||||||
strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"];
|
strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"];
|
||||||
if (mapArgs["-rpcpassword"] == "")
|
if ((mapArgs["-rpcpassword"] == "") ||
|
||||||
|
(mapArgs["-rpcuser"] == mapArgs["-rpcpassword"]))
|
||||||
{
|
{
|
||||||
unsigned char rand_pwd[32];
|
unsigned char rand_pwd[32];
|
||||||
RAND_bytes(rand_pwd, 32);
|
RAND_bytes(rand_pwd, 32);
|
||||||
@ -763,6 +764,7 @@ void ThreadRPCServer2(void* parg)
|
|||||||
"rpcuser=bitcoinrpc\n"
|
"rpcuser=bitcoinrpc\n"
|
||||||
"rpcpassword=%s\n"
|
"rpcpassword=%s\n"
|
||||||
"(you do not need to remember this password)\n"
|
"(you do not need to remember this password)\n"
|
||||||
|
"The username and password MUST NOT be the same.\n"
|
||||||
"If the file does not exist, create it with owner-readable-only file permissions.\n"),
|
"If the file does not exist, create it with owner-readable-only file permissions.\n"),
|
||||||
strWhatAmI.c_str(),
|
strWhatAmI.c_str(),
|
||||||
GetConfigFile().string().c_str(),
|
GetConfigFile().string().c_str(),
|
||||||
|
Loading…
Reference in New Issue
Block a user