aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeff Garzik <jgarzik@exmulti.com>2012-11-05 01:41:53 -0500
committerJeff Garzik <jgarzik@redhat.com>2012-11-15 20:33:42 -0500
commit7e1610d51ebdb520dac397d74bc92c3448eb3e02 (patch)
treeca78280f2507b3b8755ef40e4344716a9832c34f
parent6caffb5358b1e403b293846b3c832433fa928e46 (diff)
RPC: Forbid RPC username == RPC password
Added security measure.
-rw-r--r--src/bitcoinrpc.cpp4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/bitcoinrpc.cpp b/src/bitcoinrpc.cpp
index 8c04f577d1..07b616438e 100644
--- a/src/bitcoinrpc.cpp
+++ b/src/bitcoinrpc.cpp
@@ -748,7 +748,8 @@ void ThreadRPCServer2(void* parg)
printf("ThreadRPCServer started\n");
strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"];
- if (mapArgs["-rpcpassword"] == "")
+ if ((mapArgs["-rpcpassword"] == "") ||
+ (mapArgs["-rpcuser"] == mapArgs["-rpcpassword"]))
{
unsigned char rand_pwd[32];
RAND_bytes(rand_pwd, 32);
@@ -763,6 +764,7 @@ void ThreadRPCServer2(void* parg)
"rpcuser=bitcoinrpc\n"
"rpcpassword=%s\n"
"(you do not need to remember this password)\n"
+ "The username and password MUST NOT be the same.\n"
"If the file does not exist, create it with owner-readable-only file permissions.\n"),
strWhatAmI.c_str(),
GetConfigFile().string().c_str(),