{
"subject": "Re: JSON-RPC password",
"content": {
"format": "html",
"body": "<div class=\"post\">I don't think authentication should be disabled by default if there's no conf file or the config file doesn't contain \"rpcpassword\", but what if it contains \"rpcpassword=\"?<br/><br/>I can see both points.<br/><br/>What if the programmer can't figure out how to do HTTP authentication in their language (Fortran or whatever) or it's not even supported by their JSON-RPC library? Should they be able to explicitly disable the password requirement?<br/><br/>OTOH, what if there's a template conf file, with<br/>rpcpassword= # fill in a password here<br/><br/>There are many systems that don't allow you to log in without a password. This forum, for instance. Gavin's point seems stronger.<br/><br/>BTW, I haven't tested it, but I hope having rpcpassword= in the conf file is valid. It's only if you use -server or -daemon or bitcoind that it should fail with a warning. If it doesn't need the password, it should be fine. Is that right?</div>"
},
"source": {
"name": "Bitcoin Forum",
"url": "https://bitcointalk.org/index.php?topic=461.msg5383#msg5383"
},
"date": "2010-07-23T20:39:03Z"
}