forked from domob1812/namecoin-core
-
Notifications
You must be signed in to change notification settings - Fork 147
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support specifying rpcpassword by file #148
Labels
upstream bug
A bug that is (likely) present also in upstream Bitcoin and should be fixed there.
Comments
75 tasks
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Bas van Dijk:
Currently the `rpcpassword` must be specified in the
`namecoin.conf` configuration file. On some systems (for example
in NixOS) configuration files are stored in world-readable
locations. It's a bad idea to store secrets in world-readable
locations.
To better support these systems it would be nice if there was a
`rpcpasswordFile` configuration parameter. Users can then keep
`namecoin.conf` in a world-readable location but set
`rpcpasswordFile` to a file with restricted ownership and
permissions.
Hi, thanks for bringing this up.
This sounds like something that also affects Bitcoin Core; is that
correct? If so, the issue should probably be brought up with them.
Cheers!
…-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJY1VM2AAoJELPy0WV4bWVwU84P/i09//Cp3N/kL0ssZJPV80ST
GEqADF9vfUKBXWhV1lOsJ9DNQwV1xOo0ZWVpH5kGuIowO/iu2L0FJBQKDHi6AQLR
M56sSca+Goc2jtMyf3RYtbTy1yMiWtcmX/h2QcSQ4Ae4oAu+JCqpOhgC4+lTVwjG
zVyQNQDHMU8M64bEo4oFDRtdiik5xr5SXlTM3gT2YNh9ENvbDsdJrdtSmfCz2r/4
Oh4SrbDBhsnffq5RPHChhmF75eFA3aAx7v4nUDOpTFvEs/8JQAAEI3dKSmeGW0eO
8Rv/RbZs84QlMxBaVCGRe8Swh88GR+PbSmcM2vZs6VOnyZnax6KA/lQs4DNlp48r
NxTe6xOBXaKFyWbYbiwyKsus2LdP1L+4di7Y9pJDX9nIYUWkcsOVnMLAiM0lj8FI
nEKzz4lGTK0oEk1cmh9sq8Eb7Ie+zAoiKwsHTn8Boadk6LnunTqOk38BoZuBz8aK
ZIVLP+FBIfkIqJU5HfY1zxMoYzsBzkgEMJVaer7kNQ7M2jJhcOLZuf+M+vRw1bFy
G18VftbJ+xoGGIo56KX37yMDrQaUuw6VRxj15FG6PTO0CN+ORd/8ntQFheFGxrVn
yhsMgZqmZ5ISfW5Lkz5A5rzYr4JwKseIMdhKfTxym4AXhIIlXNxYJiK7HEuiqerU
dFdVVqmuoy5Gck4w/IJm
=qwvN
-----END PGP SIGNATURE-----
|
Good tip! I created: bitcoin/bitcoin#10071. |
domob1812
added
the
upstream bug
A bug that is (likely) present also in upstream Bitcoin and should be fixed there.
label
Jun 5, 2018
Closing this, since it is indeed an upstream issue (and was already brought up with Bitcoin). Also, as mentioned in the Bitcoin issue, there are now alternatives to password authentication (e. g., cookie files). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
upstream bug
A bug that is (likely) present also in upstream Bitcoin and should be fixed there.
Currently the
rpcpassword
must be specified in thenamecoin.conf
configuration file. On some systems (for example in NixOS) configuration files are stored in world-readable locations. It's a bad idea to store secrets in world-readable locations.To better support these systems it would be nice if there was a
rpcpasswordFile
configuration parameter. Users can then keepnamecoin.conf
in a world-readable location but setrpcpasswordFile
to a file with restricted ownership and permissions.The text was updated successfully, but these errors were encountered: