Re: JSON-RPC password

The Transmission BitTorrent client does authenticated JSON-RPC; see “Remote Control” section of:

E.g. setting.json file might look like:

 "rpc-authentication-required": 1,
 "rpc-password": "xxxxxxxxxx",
 "rpc-port": 9091,
 "rpc-username": "xxxxxxxxxx",

It uses HTTP ‘basic’ authentication (Authorization: basic base64(username:password) in the HTTP headers).

So you drop a settings file in the ~/.bitcoin directory, that sounds better.  In the “no password is set” warning, it could tell you where the file is and what to do.

What is the most popular and common settings file format?

HTTP basic authentication should be considered.  In actual practice though, it’s more work for web developers to figure out how to specify the password through some extra parameter in the HTTP or JSON-RPC wrapper than to just stick an extra parameter at the beginning of the parameter list.  What do you think?  Does HTTP basic authentication get us any additional benefits?  Moving it off the parameter list but then you still have to specify it in a more esoteric place I’m not sure is a net win.

Quote from: gavinandresen on July 19, 2010, 12:02:39
I was confused for a bit because the password is given LAST on the command line, but FIRST in the JSON-RPC params list. I agree that reading the command-line password from a file would be more convenient and more secure.

You’re also confusing me, what do you mean?  Did I do something unintended?
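The HTTP basic authentication check discussed above, as an added example that is not part of the original post and not code from Bitcoin or Transmission. It assumes the settings keys quoted in the post; the credential values and all function names are constructed for illustration.

```python
import base64
import hmac

# Constructed sample settings, using the key names quoted in the post.
SETTINGS = {
    "rpc-authentication-required": 1,
    "rpc-username": "rpcuser",        # constructed value
    "rpc-password": "correct horse",  # constructed value
}


def make_basic_header(username, password):
    """Client side: build the Authorization header value described in the post."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_header(header):
    """Return (username, password) from an Authorization header, or None."""
    if not header:
        return None
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64, non-ASCII input and bad UTF-8
        return None
    # Split on the first colon only: the password may itself contain ':'.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None


def is_authorized(header, settings=SETTINGS):
    """Server side: check the header against the settings file values."""
    if not settings.get("rpc-authentication-required"):
        return True
    creds = parse_basic_header(header)
    if creds is None:
        return False
    # Constant-time comparisons; evaluate both before combining the result.
    user_ok = hmac.compare_digest(creds[0].encode(), settings["rpc-username"].encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), settings["rpc-password"].encode())
    return user_ok and pass_ok
```

The header value is only base64-encoded, not encrypted, so anyone who can read the HTTP traffic can recover the username and password.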
