Quote from: gavinandresen on July 23, 2010, 15:11:45 Question for everybody: should I add a section to the wiki page describing, in detail, how to do HTTP Basic authentication? PHP and Python make is really easy– just use the http://user:pass@host:port/ URL syntax. Yes, I think that would be really good […]
Read moreAuthor: Satoshi Nakamoto
Re: JSON-RPC password
Quote from: gavinandresen on July 22, 2010, 01:11:26 TODO: dialog box or debug.log warning if no rpc.user/rpc.password is set, explaining how to set. In many of the contexts of this RPC stuff, you can print to the console with fprintf(stdout, like this: #if defined(__WXMSW__) && wxUSE_GUI MyMessageBox(“Warning: rpc password is […]
Read moreRe: JSON-RPC password
Thanks for that survey! I find “key value” a little unnatural. There ought to be a more definite separator between key and value that suggests assignment. The space people may just be getting lazy using their language’s split function. key=some full sentence with spaces in it. # seems more clear […]
Read moreRe: JSON-RPC password
Quote from: gavinandresen on July 21, 2010, 12:11:10 I just did a quick survey of 20 .conf files in /etc on my debian system, and found: 1 file used “key value” 5 used “key=value” Thanks for that survey! I find “key value” a little unnatural. There ought to be a […]
Read moreRe: JSON-RPC password
You could do worse than using yaml for the settings I was researching config file formats, here’s a comparison. YAML is massive. I’m not sure there’s a lightweight easy to build library we can integrate into our project. Seems overkill. JSON is tempting and I’m inclined to like it, but […]
Read moreRe: JSON-RPC password
If you’re using another JSON-RPC client that you wrote you can take care to protect the password, but using the bitcoin binary as the client and passing the password on the command line has the same issue as starting the daemon with it. It’s still visible to every user that […]
Read moreRe: They want to delete the Wikipedia article
http://en.wikipedia.org/wiki/Bitcoin This article is being considered for deletion in accordance with Wikipedia’s deletion policy. Please share your thoughts on the matter at this article’s entry on the Articles for deletion page. This article needs references that appear in reliable third-party publications. Primary sources or sources affiliated with the subject are […]
Read moreRe: JSON-RPC password
The Transmission BitTorrent client does authenticated JSON-RPC; see “Remote Control” section of: https://trac.transmissionbt.com/wiki/ConfigurationParameters E.g. setting.json file might look like: Code: { “rpc-enabled”:1 “rpc-authentication-required”: 1, “rpc-password”: “xxxxxxxxxx”, “rpc-port”: 9091, “rpc-username”: “xxxxxxxxxx”, “rpc-whitelist-enabled”:1 “rpc-whitelist”:”127.0.0.1,192.168.*.*” } It uses HTTP ‘basic’ authentication (Authorization: basic base64(username:password) in the HTTP headers). So you drop a settings […]
Read moreWarning: don’t use -server or bitcoind where you web browse (v0.3.2 and lower)
Don’t use the -server or -daemon switch or run bitcoind on a machine where you use a web browser. It opens port 8332 on 127.0.0.1, the local loopback address, and you wouldn’t think that web browsers could cross-site access it, but it is possible. We’re working on a release soon […]
Read moreRe: JSON-RPC password
I guess it’s ok for remotely doing it but if your concern is that someone else on the same unix machine can steal your bitcoins this still doesn’t help because they can see your command line in /proc, top, ps etc. It could read the password on stdin or use […]
Read more