mirror of https://gitlab.torproject.org/tpo/core/tor.git, synced 2024-11-27 22:03:31 +01:00
AUTHENTICATE is really mandatory. No authentication is not quite the default.
svn:r18024
parent da6ee5da73
commit bd0e400bc3
@ -253,6 +253,10 @@ $Id$
|
||||
command, or sends PROTOCOLINFO more than once, Tor sends an error reply and
|
||||
closes the connection.
|
||||
|
||||
To prevent some cross-protocol attacks, the AUTHENTICATE command is still
|
||||
required even if all authentication methods in Tor are disabled. In this
|
||||
case, the controller should just send "AUTHENTICATE" CRLF.
|
||||
|
||||
(Versions of Tor before 0.1.2.16 and 0.2.0.4-alpha did not close the
|
||||
connection after an authentication failure.)
|
||||
|
||||
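Review bot: The new paragraph states the rule as "still required" but then tells the controller it only "should just send" the command; if AUTHENTICATE is mandatory, say "must send" so the two sentences agree. The paragraph also does not say what reply the controller should expect to a bare "AUTHENTICATE" CRLF, and it does not spell out that skipping the command falls under the error-reply-and-close behaviour described in the context lines just above it; one sentence on each would help controller authors. "Some cross-protocol attacks" would be clearer with a brief description or a pointer to where those attacks are documented.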
@ -1591,7 +1595,9 @@ $Id$
|
||||
|
||||
5.1. Authentication
|
||||
|
||||
By default, the current Tor implementation trusts all local users.
|
||||
If the control port is open and no authentication operation is enabled, Tor
|
||||
trusts any local user that connects to the control port. This is generally
|
||||
a poor idea.
|
||||
|
||||
If the 'CookieAuthentication' option is true, Tor writes a "magic cookie"
|
||||
file named "control_auth_cookie" into its data directory. To authenticate,
|
||||
|
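Review bot: In the rewritten opening of 5.1, "no authentication operation is enabled" reads like a slip for "no authentication method is enabled", which is the term the other hunk uses ("all authentication methods in Tor are disabled"). "This is generally a poor idea" also leaves the reader without a recommendation; consider pointing to the CookieAuthentication option described in the next paragraph. Since someone reading the security section may not have read the earlier one, it would help to note here as well that AUTHENTICATE is still required in this configuration.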