Re: JSON-RPC password

Bitcoin Talk

I guess it’s ok for remotely doing it but if your concern is that someone else on the same unix machine can steal your bitcoins this still doesn’t help because they can see your command line in /proc, top, ps etc.  It could read the password on stdin or use readline or something, to guard against that particular thing at least.  Allowing it to be passed on the command line is not good, in my opinion.

Even better might be to use a key file, then you can use unix permissions to make it readable to only that user, kind of like ssh does.. then the bitcoind could have an ‘authorized_keys’ file with the public keys.  Anyway I don’t mean to be an ass but the command line thing is just a false sense of security.

I’m afraid I have to agree with laszlo here, using a certificate/keyfile would be far more secure. Saying that, thanks for adding some security to the JSON api 🙂

Right, that is quite a bit better.

Can you give me any examples of other stuff that does it that way?  (and what the command line looks like)

The main change you’re talking about here is instead of -rpcpw= when you start bitcoind, you’d use a switch that specifies a text file to go and read it from, right?  (any ideas what I should name the switch?)

25,996 total views, 21 views today

Related posts:

  1. Re: JSON-RPC password If you’re using another JSON-RPC client that you wrote you...
  2. Re: JSON-RPC password Quote from: lachesis on July 23, 2010, 18:22:08 The password...
  3. Re: JSON-RPC password You could do worse than using yaml for the settings...
  4. Re: JSON-RPC password The Transmission BitTorrent client does authenticated JSON-RPC; see “Remote Control”...
  5. JSON-RPC password I uploaded to SVN my changes to add a password...
  6. Re: JSON-RPC password Quote from: gavinandresen on July 21, 2010, 12:11:10 I just...
https://bitcointalk.org/index.php?topic=461.msg4169#msg4169