From 85ee55b5c37bedca98ec472439e1710277e8e4b2 Mon Sep 17 00:00:00 2001
From: "Wladimir J. van der Laan" <laanwj@gmail.com>
Date: Wed, 8 Jul 2015 14:47:39 +0200
Subject: rpc: Remove chain-specific RequireRPCPassword

I've never liked the chain-specific exception to having to set a
password. It gives issues with #6388 which makes it valid to
set no password in every case (as it enables random cookie authentication).

This pull removes the flag, so that all chains are regarded the same.

It also removes the username==password test, which doesn't provide any
substantial extra security.
---
 src/rpcserver.cpp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'src/rpcserver.cpp')

diff --git a/src/rpcserver.cpp b/src/rpcserver.cpp
index 287cfb2f13..daf10736bf 100644
--- a/src/rpcserver.cpp
+++ b/src/rpcserver.cpp
@@ -598,8 +598,7 @@ void StartRPCThreads()
     LogPrint("rpc", "Allowing RPC connections from: %s\n", strAllowed);
 
     strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"];
-    if (((mapArgs["-rpcpassword"] == "") ||
-         (mapArgs["-rpcuser"] == mapArgs["-rpcpassword"])) && Params().RequireRPCPassword())
+    if (mapArgs["-rpcpassword"] == "")
     {
         unsigned char rand_pwd[32];
         GetRandBytes(rand_pwd, 32);
-- 
cgit v1.2.3