# Re: JSON-RPC password

Post by: satoshi on July 23, 2010, 08:39:03 PM

I don't think authentication should be disabled by default if there's no conf file or the config file doesn't contain "rpcpassword", but what if it contains "rpcpassword="?

I can see both points.

What if the programmer can't figure out how to do HTTP authentication in their language (Fortran or whatever) or it's not even supported by their JSON-RPC library?  Should they be able to explicitly disable the password requirement?

OTOH, what if there's a template conf file, with<br>
rpcpassword= &nbsp;# fill in a password here

There are many systems that don't allow you to log in without a password. &nbsp;This forum, for instance. &nbsp;Gavin's point seems stronger.

BTW, I haven't tested it, but I hope having rpcpassword= &nbsp;in the conf file is valid. &nbsp;It's only if you use -server or -daemon or bitcoind that it should fail with a warning. &nbsp;If it doesn't need the password, it should be fine. &nbsp;Is that right?

---

Source file: bitcoin-forum-satoshi-nakamoto.tgz

External link: https://bitcointalk.org/index.php?topic=461.msg5383#msg5383