doc: remove references to rpcuser and rpcpassword

willcl-ark · Jan 16, 2024 · 2350eaf · 2350eaf
1 parent 28ccc70
commit 2350eaf
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 33 deletions.
diff --git a/doc/JSON-RPC-interface.md b/doc/JSON-RPC-interface.md
@@ -32,10 +32,10 @@ requests when multiple wallets are in use.
 ### Examples
 
 ```sh
-# Get block count from the / endpoint when rpcuser=alice and rpcport=38332
+# Get block count from the / endpoint when rpcauth=alice:<password_hash> and rpcport=38332
 $ curl --user alice --data-binary '{"jsonrpc": "1.0", "id": "0", "method": "getblockcount", "params": []}' -H 'content-type: text/plain;' localhost:38332/
 
-# Get balance from the /wallet/walletname endpoint when rpcuser=alice, rpcport=38332 and rpcwallet=desc-wallet
+# Get balance from the /wallet/walletname endpoint when rpcauth=alice:<password_hash>, rpcport=38332 and rpcwallet=desc-wallet
 $ curl --user alice --data-binary '{"jsonrpc": "1.0", "id": "0", "method": "getbalance", "params": []}' -H 'content-type: text/plain;' localhost:38332/wallet/desc-wallet
 
 ```
@@ -128,19 +128,17 @@ RPC interface will be abused.
     Instead, expose it only on the host system's localhost, for example:
     `-p 127.0.0.1:8332:8332`
 
-- **Secure authentication:** By default, when no `rpcpassword` is specified, Bitcoin Core generates unique
-  login credentials each time it restarts and puts them into a file
-  readable only by the user that started Bitcoin Core, allowing any of
-  that user's RPC clients with read access to the file to login
-  automatically.  The file is `.cookie` in the Bitcoin Core
-  configuration directory, and using these credentials is the preferred
-  RPC authentication method.  If you need to generate static login
-  credentials for your programs, you can use the script in the
-  `share/rpcauth` directory in the Bitcoin Core source tree.  As a final
-  fallback, you can directly use manually-chosen `rpcuser` and
-  `rpcpassword` configuration parameters---but you must ensure that you
-  choose a strong and unique passphrase (and still don't use insecure
-  networks, as mentioned above).
+- **Secure authentication:** By default Bitcoin Core generates unique login
+  credentials each time it restarts and puts them into a file readable only by
+  the user that started Bitcoin Core, allowing any of that user's RPC clients
+  with read access to the file to login automatically.  The file is `.cookie`
+  in the Bitcoin Core data directory, and using these credentials is the
+  preferred RPC authentication method.  If you need to generate static login
+  credentials for your programs, you can use the script in the `share/rpcauth`
+  directory in the Bitcoin Core source tree to generate credentials to be used
+  with the `rpcauth` option which can be specified in `bitcoin.conf` or as a
+  command line argument. The usage of `rpcuser` and `rpcpassword` is now fully
+  deprecated.
 
 - **Secure string handling:** The RPC interface does not guarantee any
   escaping of data beyond what's necessary to encode it as JSON,

diff --git a/doc/init.md b/doc/init.md
@@ -20,26 +20,28 @@ The macOS configuration assumes bitcoind will be set up for the current user.
 Configuration
 ---------------------------------
 
-Running bitcoind as a daemon does not require any manual configuration. You may
-set the `rpcauth` setting in the `bitcoin.conf` configuration file to override
-the default behaviour of using a special cookie for authentication.
-
-This password does not have to be remembered or typed as it is mostly used
-as a fixed token that bitcoind and client programs read from the configuration
-file, however it is recommended that a strong and secure password be used
-as this password is security critical to securing the wallet should the
+Running bitcoind as a daemon does not require any manual configuration. By
+default a special cookie file is used for RPC authentication. The cookie is
+generated with random content when the daemon starts, and deleted when it
+exits. Read access to this file controls access to RPCs.
+
+By default the cookie is stored in the data directory but its location can be
+overridden with the option '-rpccookiefile'.
+
+The cookie file allows for running bitcoind without having to do any manual
+configuration.
+
+You may optionally set the `rpcauth` setting in the `bitcoin.conf`
+configuration file to override the default behaviour of cookie-based
+authentication. See `share/rpcauth/README.md` for information on generating
+valid `rpcauth` credentials.
+
+The password used for `rpcauth` does not have to be remembered or typed as it
+is used as a fixed token that bitcoind and client programs read from the
+configuration file, however it is recommended that a strong and secure password
+be used as this password is security critical to securing the wallet should the
 wallet be enabled.
 
-If bitcoind is run with the "-server" flag (set by default), and no rpcpassword is set,
-it will use a special cookie file for authentication. The cookie is generated with random
-content when the daemon starts, and deleted when it exits. Read access to this file
-controls who can access it through RPC.
-
-By default the cookie is stored in the data directory, but it's location can be overridden
-with the option '-rpccookiefile'.
-
-This allows for running bitcoind without having to do any manual configuration.
-
 `conf`, `pid`, and `wallet` accept relative paths which are interpreted as
 relative to the data directory. `wallet` *only* supports relative paths.