Merge pull request #1987 from jgarzik/no-pw-match

RPC: Forbid RPC username == RPC password
author: Jeff Garzik <jgarzik@exmulti.com> 2012-11-15 18:22:50 -0800
committer: Jeff Garzik <jgarzik@exmulti.com> 2012-11-15 18:22:50 -0800
commit: 34ea321ccdb234fe695f6279e3d53cce31c28f4a (patch)
tree: 897b0f7e0f17943e959a718f93a454798186e372
parent: 824e19605487a0e6a36c212ef23ac31cb643dc90 (diff)
parent: 7e1610d51ebdb520dac397d74bc92c3448eb3e02 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/bitcoinrpc.cpp b/src/bitcoinrpc.cpp
index 8c04f577d1..07b616438e 100644
--- a/src/bitcoinrpc.cpp
+++ b/src/bitcoinrpc.cpp
@@ -748,7 +748,8 @@ void ThreadRPCServer2(void* parg)
     printf("ThreadRPCServer started\n");
 
     strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"];
-    if (mapArgs["-rpcpassword"] == "")
+    if ((mapArgs["-rpcpassword"] == "") ||
+        (mapArgs["-rpcuser"] == mapArgs["-rpcpassword"]))
     {
         unsigned char rand_pwd[32];
         RAND_bytes(rand_pwd, 32);
@@ -763,6 +764,7 @@ void ThreadRPCServer2(void* parg)
               "rpcuser=bitcoinrpc\n"
               "rpcpassword=%s\n"
               "(you do not need to remember this password)\n"
+              "The username and password MUST NOT be the same.\n"
               "If the file does not exist, create it with owner-readable-only file permissions.\n"),
                 strWhatAmI.c_str(),
                 GetConfigFile().string().c_str(),
author	Jeff Garzik <jgarzik@exmulti.com>	2012-11-15 18:22:50 -0800
committer	Jeff Garzik <jgarzik@exmulti.com>	2012-11-15 18:22:50 -0800
commit	34ea321ccdb234fe695f6279e3d53cce31c28f4a (patch)
tree	897b0f7e0f17943e959a718f93a454798186e372
parent	824e19605487a0e6a36c212ef23ac31cb643dc90 (diff)
parent	7e1610d51ebdb520dac397d74bc92c3448eb3e02 (diff)