RPC: Forbid RPC username == RPC password

Added security measure.
Jeff Garzik 2012-11-05 01:41:53 -05:00 committed by Jeff Garzik
parent 6caffb5358
commit 7e1610d51e
1 changed files with 3 additions and 1 deletions


@ -748,7 +748,8 @@ void ThreadRPCServer2(void* parg)
printf("ThreadRPCServer started\n"); printf("ThreadRPCServer started\n");
strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"]; strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"];
if (mapArgs["-rpcpassword"] == "") if ((mapArgs["-rpcpassword"] == "") ||
(mapArgs["-rpcuser"] == mapArgs["-rpcpassword"]))
{ {
unsigned char rand_pwd[32]; unsigned char rand_pwd[32];
RAND_bytes(rand_pwd, 32); RAND_bytes(rand_pwd, 32);
@ -763,6 +764,7 @@ void ThreadRPCServer2(void* parg)
"rpcuser=bitcoinrpc\n" "rpcuser=bitcoinrpc\n"
"rpcpassword=%s\n" "rpcpassword=%s\n"
"(you do not need to remember this password)\n" "(you do not need to remember this password)\n"
"The username and password MUST NOT be the same.\n"
"If the file does not exist, create it with owner-readable-only file permissions.\n"), "If the file does not exist, create it with owner-readable-only file permissions.\n"),
strWhatAmI.c_str(), strWhatAmI.c_str(),
GetConfigFile().string().c_str(), GetConfigFile().string().c_str(),
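Review bot: The return value of `RAND_bytes(rand_pwd, 32)` is ignored inside the branch, and this commit routes a second case (rpcuser equal to rpcpassword) into it. If the generator fails, `rand_pwd` stays uninitialized, and the password suggested in the message would presumably be derived from stack contents rather than random bytes. I would check the result with `if (RAND_bytes(rand_pwd, 32) != 1)` and report the RNG failure without printing a suggested password. Separately, the new comparison rejects only exact equality, so a comment on the condition such as `// reject an empty password or one identical to the username; this is not a strength check` would stop readers from over-reading it. The body of ThreadRPCServer2 starts and ends outside the hunks shown, so how the branch terminates is not visible here.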