transmissionbtc icon indicating copy to clipboard operation
transmissionbtc copied to clipboard

Published 20 hours ago verified publisher icon AndreyPavlenko

Secure default settings for the RPC

Open andrebrait opened this issue 5 years ago • 3 comments

Hi there!

I see that the RPC is enabled by default, which is cool, but without authentication, anything on your network is able to use it.

Could you add a random username/password by default (and a button to reveal the current password, like it's usually done in other apps, so the user can see the generated password) so it has some level of security by default?

andrebrait avatar May 08 '19 08:05 andrebrait

I think it would be better to disable RPC by default. Many people use the app in a private net and do not need any passwords. Anyway, transmission does not support https, thus password is a weak protection.

AndreyPavlenko avatar May 08 '19 10:05 AndreyPavlenko

It is, but it's better than nothing, I think.

And what are your thoughts on disabling RPC by default? I thought it would be a big part of what the app does, so you wouldn't desire that.

andrebrait avatar May 08 '19 10:05 andrebrait

In the settings there is the option - Enable RPC. By default it's enabled. When I said "disable RPC by default" I meant - change the default value of this option.

AndreyPavlenko avatar May 08 '19 10:05 AndreyPavlenko