Re: JSON-RPC password

I guess it’s ok for remotely doing it but if your concern is that someone else on the same unix machine can steal your bitcoins this still doesn’t help because they can see your command line in /proc, top, ps etc.  It could read the password on stdin or use readline or something, to guard against that particular thing at least.  Allowing it to be passed on the command line is not good, in my opinion.

Even better might be to use a key file, then you can use unix permissions to make it readable to only that user, kind of like ssh does.. then the bitcoind could have an ‘authorized_keys’ file with the public keys.  Anyway I don’t mean to be an ass but the command line thing is just a false sense of security.

I’m afraid I have to agree with laszlo here, using a certificate/keyfile would be far more secure. Saying that, thanks for adding some security to the JSON api 🙂

Right, that is quite a bit better.

Can you give me any examples of other stuff that does it that way?  (and what the command line looks like)

The main change you’re talking about here is instead of -rpcpw= when you start bitcoind, you’d use a switch that specifies a text file to go and read it from, right?  (any ideas what I should name the switch?)

29,884 total views, 12 views today

https://bitcointalk.org/index.php?topic=461.msg4169#msg4169