From d5cbb02916f93169a0bc8de035f3fc3a41592cbb Mon Sep 17 00:00:00 2001 From: willcl-ark Date: Tue, 16 Jan 2024 10:16:32 +0000 Subject: [PATCH] doc: remove references to rpcuser and rpcpassword --- doc/JSON-RPC-interface.md | 28 +++++++++++++--------------- doc/init.md | 38 ++++++++++++++++++++------------------ 2 files changed, 33 insertions(+), 33 deletions(-) diff --git a/doc/JSON-RPC-interface.md b/doc/JSON-RPC-interface.md index ec332d23ebee5..d212d7ff5bb9c 100644 --- a/doc/JSON-RPC-interface.md +++ b/doc/JSON-RPC-interface.md @@ -32,10 +32,10 @@ requests when multiple wallets are in use. ### Examples ```sh -# Get block count from the / endpoint when rpcuser=alice and rpcport=38332 +# Get block count from the / endpoint when rpcauth=alice: and rpcport=38332 $ curl --user alice --data-binary '{"jsonrpc": "1.0", "id": "0", "method": "getblockcount", "params": []}' -H 'content-type: text/plain;' localhost:38332/ -# Get balance from the /wallet/walletname endpoint when rpcuser=alice, rpcport=38332 and rpcwallet=desc-wallet +# Get balance from the /wallet/walletname endpoint when rpcauth=alice:, rpcport=38332 and rpcwallet=desc-wallet $ curl --user alice --data-binary '{"jsonrpc": "1.0", "id": "0", "method": "getbalance", "params": []}' -H 'content-type: text/plain;' localhost:38332/wallet/desc-wallet ``` 
@@ -128,19 +128,17 @@ RPC interface will be abused. Instead, expose it only on the host system's localhost, for example: `-p 127.0.0.1:8332:8332` -- **Secure authentication:** By default, when no `rpcpassword` is specified, Bitcoin Core generates unique - login credentials each time it restarts and puts them into a file - readable only by the user that started Bitcoin Core, allowing any of - that user's RPC clients with read access to the file to login - automatically. The file is `.cookie` in the Bitcoin Core - configuration directory, and using these credentials is the preferred - RPC authentication method. If you need to generate static login - credentials for your programs, you can use the script in the - `share/rpcauth` directory in the Bitcoin Core source tree. As a final - fallback, you can directly use manually-chosen `rpcuser` and - `rpcpassword` configuration parameters---but you must ensure that you - choose a strong and unique passphrase (and still don't use insecure - networks, as mentioned above). +- **Secure authentication:** By default Bitcoin Core generates unique login + credentials each time it restarts and puts them into a file readable only by + the user that started Bitcoin Core, allowing any of that user's RPC clients + with read access to the file to login automatically. The file is `.cookie` + in the Bitcoin Core data directory, and using these credentials is the + preferred RPC authentication method. If you need to generate static login + credentials for your programs, you can use the script in the `share/rpcauth` + directory in the Bitcoin Core source tree to generate credentials to be used + with the `rpcauth` option which can be specified in `bitcoin.conf` or as a + command line argument. The usage of `rpcuser` and `rpcpassword` is now fully + deprecated. - **Secure string handling:** The RPC interface does not guarantee any escaping of data beyond what's necessary to encode it as JSON, 
diff --git a/doc/init.md b/doc/init.md index 7f7902771802e..ac927ac247cef 100644 --- a/doc/init.md +++ b/doc/init.md 
@@ -20,26 +20,28 @@ The macOS configuration assumes bitcoind will be set up for the current user. Configuration --------------------------------- -Running bitcoind as a daemon does not require any manual configuration. You may -set the `rpcauth` setting in the `bitcoin.conf` configuration file to override -the default behaviour of using a special cookie for authentication. - -This password does not have to be remembered or typed as it is mostly used -as a fixed token that bitcoind and client programs read from the configuration -file, however it is recommended that a strong and secure password be used -as this password is security critical to securing the wallet should the +Running bitcoind as a daemon does not require any manual configuration. By +default a special cookie file is used for RPC authentication. The cookie is +generated with random content when the daemon starts, and deleted when it +exits. Read access to this file controls access to RPCs. + +By default the cookie is stored in the data directory but its location can be +overridden with the option '-rpccookiefile'. + +The cookie file allows for running bitcoind without having to do any manual +configuration. + +You may optionally set the `rpcauth` setting in the `bitcoin.conf` +configuration file to override the default behaviour of cookie-based +authentication. See `share/rpcauth/README.md` for information on generating +valid `rpcauth` credentials. + +The password used for `rpcauth` does not have to be remembered or typed as it +is used as a fixed token that bitcoind and client programs read from the +configuration file, however it is recommended that a strong and secure password +be used as this password is security critical to securing the wallet should the wallet be enabled. -If bitcoind is run with the "-server" flag (set by default), and no rpcpassword is set, -it will use a special cookie file for authentication. 
The cookie is generated with random -content when the daemon starts, and deleted when it exits. Read access to this file -controls who can access it through RPC. - -By default the cookie is stored in the data directory, but it's location can be overridden -with the option '-rpccookiefile'. - -This allows for running bitcoind without having to do any manual configuration. - `conf`, `pid`, and `wallet` accept relative paths which are interpreted as relative to the data directory. `wallet` *only* supports relative paths.
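Review bot: In the first hunk of doc/JSON-RPC-interface.md (the `### Examples` block), both updated comments read `rpcauth=alice:` with nothing after the colon, so the example looks like a complete setting when it is only the username part. Suggest spelling out the rest of the value with clearly marked placeholders for what the `share/rpcauth` script generates. A short remark would also help to say that `curl --user alice` will prompt for the password chosen when that entry was generated. Otherwise a reader migrating from `rpcuser` has no way to tell from the example what goes after the colon or what to type at the prompt.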
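Review bot: In the second hunk of doc/JSON-RPC-interface.md (the "Secure authentication" bullet), the closing sentence "The usage of `rpcuser` and `rpcpassword` is now fully deprecated" does not say whether the options are still accepted, nor what a reader who has them set should do. Since the removed text was the only place that warned about choosing a strong and unique passphrase for them, suggest stating the current behaviour explicitly and pointing such users at `rpcauth` or the cookie file. Two wording nits in the same bullet: "generate static login credentials ... to generate credentials" repeats itself and could drop the second clause, and "to login automatically" should be "to log in automatically".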
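Review bot: In the doc/init.md hunk, the paragraph starting "The password used for `rpcauth`" keeps the old claim that it is "a fixed token that bitcoind and client programs read from the configuration file". The preceding paragraph now sends readers to `share/rpcauth/README.md` to generate the `rpcauth` value, so what sits in `bitcoin.conf` is the script's output. Please confirm that clients can really obtain the password from that file, and reword if they need it supplied separately. Smaller points in the same hunk: "The cookie file allows for running bitcoind without having to do any manual configuration" repeats the opening sentence of the section and could be dropped, and '-rpccookiefile' is in single quotes while `rpcauth` and `bitcoin.conf` use backticks.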