-
Notifications
You must be signed in to change notification settings - Fork 922
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use Password Specific to Web UI Instead of Wallet Password #7569
Conversation
if err != nil { | ||
return errors.Wrap(err, "could not open wallet") | ||
} | ||
if w != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If a user already has a wallet, we shouldn't block the validator client from starting if using --web
} | ||
}() | ||
time.Sleep(time.Second * 1) | ||
cmd, err := browser.Command("http://" + s.http.Addr) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This caused a lot more problems than it solved, removing
Needs gazelle |
506d3ef
to
6348e29
Compare
As a security measure, we should not be using the wallet password for web UI authentication. Instead, we should have a specific password we use for web UI access, which we store as a password hash in our validator DB. This will prevent us from sending the wallet password via gRPC every single time we login to the dashboard.
This PR also removes the automatic opening of the web UI in a user's browser, and it also removes the restriction that validator clients with existing wallet cannot start without logging in with the --web flag.