-
Notifications
You must be signed in to change notification settings - Fork 133
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not prompt for password to start owner API #656
Conversation
It makes no sense to ask for the password if one only wants to initialize the APIs. Asking for the password makes things unnecessarily difficult and insecure in case I, as a system administrator, want to have the APIs running as a system service.
opening wallet if password argument is present
@yeastplume I'm not familiar with this part. The wallet lifecycle RFC says
Is opening a wallet here by design or can we remove it? |
It can be remove it. When the My guess is that since the token can be null while using init_secure_api one could call What changes this PR is that the wallet will not open unless someone passes the password directly while setting the What I want to achieve is to be able to configure a local service that runs the API. In case the instance running the service is restarted, the service could be started automatically after starting the instance without human intervention. |
I think this is fine, the password check is likely left over from before the implementation of the lifecycle API and tokens, when there was no concept of opening or closing wallets, just the single 'open wallet' on the listener. |
…r API (mimblewimble#656) * Do not prompt for password to start owner API It makes no sense to ask for the password if one only wants to initialize the APIs. Asking for the password makes things unnecessarily difficult and insecure in case I, as a system administrator, want to have the APIs running as a system service. * Update wallet_args.rs * Update wallet_args.rs opening wallet if password argument is present
It makes no sense to ask for the password if one only wants to initialize the APIs. Asking for the password makes things unnecessarily difficult and insecure in case I, as a system administrator, want to have the APIs running as a system service.