�j"1LAnZuoQdcKCkpDBKQMCgziGMoPC4VQUckMí<div class="post">I don't think authentication should be disabled by default if there's no conf file or the config file doesn't contain "rpcpassword", but what if it contains "rpcpassword="?<br/><br/>I can see both points.<br/><br/>What if the programmer can't figure out how to do HTTP authentication in their language (Fortran or whatever) or it's not even supported by their JSON-RPC library? Should they be able to explicitly disable the password requirement?<br/><br/>OTOH, what if there's a template conf file, with<br/>rpcpassword= # fill in a password here<br/><br/>There are many systems that don't allow you to log in without a password. This forum, for instance. Gavin's point seems stronger.<br/><br/>BTW, I haven't tested it, but I hope having rpcpassword= in the conf file is valid. It's only if you use -server or -daemon or bitcoind that it should fail with a warning. If it doesn't need the password, it should be fine. Is that right?</div> text/html
https://whatsonchain.com/tx/fe09b08b21c7c302f8d33bf074bef02e7690399faeb3fb66bdb82be93fac2348