| author | Gavin Andresen <[email protected]> | 2014-08-19 13:32:40 -0400 |
|---|---|---|
| committer | Gavin Andresen <[email protected]> | 2014-08-19 13:32:40 -0400 |
| commit | 10dcbc1be0d3e81853b6106510480ee43d87db29 (patch) | |
| tree | 31d660a434132d4b5d93d70fe0a2376f908b2f3e /src/rpcserver.cpp | |
| parent | Merge pull request #4624 (diff) | |
| parent | Don't reveal whether password is <20 or >20 characters in RPC (diff) | |
Merge pull request #4728 from laanwj/2014_08_rpcserver_password_delay
Don't reveal whether password is <20 or >20 characters in RPC
Diffstat (limited to 'src/rpcserver.cpp')
| -rw-r--r-- | src/rpcserver.cpp | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/rpcserver.cpp b/src/rpcserver.cpp index 3b51c91e7..524627e2d 100644 --- a/src/rpcserver.cpp +++ b/src/rpcserver.cpp @@ -849,11 +849,10 @@ static bool HTTPReq_JSONRPC(AcceptedConnection *conn, if (!HTTPAuthorized(mapHeaders)) { LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", conn->peer_address_to_string()); - /* Deter brute-forcing short passwords. + /* Deter brute-forcing If this results in a DoS the user really shouldn't have their RPC port exposed. */ - if (mapArgs["-rpcpassword"].size() < 20) - MilliSleep(250); + MilliSleep(250); conn->stream() << HTTPError(HTTP_UNAUTHORIZED, false) << std::flush; return false; |
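Review bot: The comment above the now-unconditional `MilliSleep(250);` no longer explains why the delay must be independent of the configured password, so a later edit could reintroduce the length check and with it the timing signal this commit removes. I would add a line to the comment such as `Always sleep, whatever the -rpcpassword length, so response time does not reveal it.` The delay is applied per failed request inside the handler before the 401 is written, so it throttles one connection but presumably does not limit failures arriving on several connections at once, and each one holds its handler for 250 ms. The existing comment accepts that cost only for an exposed RPC port, and the threading model is not visible here, so this is worth confirming. HTTPReq_JSONRPC begins and ends outside this hunk, and the comparison inside HTTPAuthorized is not shown, so whether that check is itself timing-independent cannot be judged from these lines.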