Add a separate password --http-password-limited-access that grants limited access the http api for security purposes. Essentially, this limited access password doesn't allow the spending of funds.
This secondary password is less sensitive than the primary password, but it must still not be shared, as other attacks are possible, e.g. resource exhaustion by creating millions of invoices, etc.
The following api methods are not available with limited access:
Add a separate password
--http-password-limited-access
that grants limited access the http api for security purposes. Essentially, this limited access password doesn't allow the spending of funds.This secondary password is less sensitive than the primary password, but it must still not be shared, as other attacks are possible, e.g. resource exhaustion by creating millions of invoices, etc.
The following api methods are not available with limited access:
payinvoice
payoffer
paylnaddress
lnurlpay
lnurlauth
sendtoaddress
closechannel
Closes #74.