Browse Source

Merge pull request #1987 from jgarzik/no-pw-match

RPC: Forbid RPC username == RPC password
0.8
Jeff Garzik 12 years ago
parent
commit
34ea321ccd
  1. 4
      src/bitcoinrpc.cpp

4
src/bitcoinrpc.cpp

@ -748,7 +748,8 @@ void ThreadRPCServer2(void* parg)
printf("ThreadRPCServer started\n"); printf("ThreadRPCServer started\n");
strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"]; strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"];
if (mapArgs["-rpcpassword"] == "") if ((mapArgs["-rpcpassword"] == "") ||
(mapArgs["-rpcuser"] == mapArgs["-rpcpassword"]))
{ {
unsigned char rand_pwd[32]; unsigned char rand_pwd[32];
RAND_bytes(rand_pwd, 32); RAND_bytes(rand_pwd, 32);
@ -763,6 +764,7 @@ void ThreadRPCServer2(void* parg)
"rpcuser=bitcoinrpc\n" "rpcuser=bitcoinrpc\n"
"rpcpassword=%s\n" "rpcpassword=%s\n"
"(you do not need to remember this password)\n" "(you do not need to remember this password)\n"
"The username and password MUST NOT be the same.\n"
"If the file does not exist, create it with owner-readable-only file permissions.\n"), "If the file does not exist, create it with owner-readable-only file permissions.\n"),
strWhatAmI.c_str(), strWhatAmI.c_str(),
GetConfigFile().string().c_str(), GetConfigFile().string().c_str(),

Loading…
Cancel
Save