author | Jeff Garzik <jgarzik@exmulti.com> | 2012-11-05 01:41:53 -0500 |
---|---|---|
committer | Jeff Garzik <jgarzik@redhat.com> | 2012-11-15 20:33:42 -0500 |
commit | 7e1610d51ebdb520dac397d74bc92c3448eb3e02 (patch) | |
tree | ca78280f2507b3b8755ef40e4344716a9832c34f | |
parent | 6caffb5358b1e403b293846b3c832433fa928e46 (diff) |
RPC: Forbid RPC username == RPC password
Added security measure.
-rw-r--r-- | src/bitcoinrpc.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/bitcoinrpc.cpp b/src/bitcoinrpc.cpp
index 8c04f577d1..07b616438e 100644
--- a/src/bitcoinrpc.cpp
+++ b/src/bitcoinrpc.cpp
@@ -748,7 +748,8 @@ void ThreadRPCServer2(void* parg)
 printf("ThreadRPCServer started\n");
 strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"];
- if (mapArgs["-rpcpassword"] == "")
+ if ((mapArgs["-rpcpassword"] == "") ||
+ (mapArgs["-rpcuser"] == mapArgs["-rpcpassword"]))
 {
 unsigned char rand_pwd[32];
 RAND_bytes(rand_pwd, 32);
@@ -763,6 +764,7 @@ void ThreadRPCServer2(void* parg)
 "rpcuser=bitcoinrpc\n"
 "rpcpassword=%s\n"
 "(you do not need to remember this password)\n"
+ "The username and password MUST NOT be the same.\n"
 "If the file does not exist, create it with owner-readable-only file permissions.\n"),
 strWhatAmI.c_str(),
 GetConfigFile().string().c_str(), |
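Review bot: The added clause `(mapArgs["-rpcuser"] == mapArgs["-rpcpassword"])` in the first hunk rejects only an exact, case-sensitive match, so a password that differs from the username by case or by one extra character still passes, and nothing visible here enforces a minimum length. If that narrow scope is intended, a comment above the `if` would say so, for example `// Sanity check only: rejects an empty or username-equal password; this is not a strength policy.` The empty-password and equal-credentials cases share one failure path, so the sentence added in the second hunk is the operator's only hint about which rule was hit; stating the matched condition in the message would make the refusal easier to diagnose. ThreadRPCServer2's body starts and ends outside both hunks, so any later use of `strRPCUserColonPass` is not visible from here.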