Add a separate password --http-password-limited-access that grants limited access the http api for security purposes. Essentially, this limited access password doesn't allow the spending of funds.
This secondary password is less sensitive than the primary password, but it must still not be shared, as other attacks are possible, e.g. resource exhaustion by creating millions of invoices, etc.
The following api methods are not available with limited access:
Add a separate password
--http-password-limited-accessthat grants limited access the http api for security purposes. Essentially, this limited access password doesn't allow the spending of funds.This secondary password is less sensitive than the primary password, but it must still not be shared, as other attacks are possible, e.g. resource exhaustion by creating millions of invoices, etc.
The following api methods are not available with limited access:
payinvoicepayofferpaylnaddresslnurlpaylnurlauthsendtoaddressclosechannelCloses #74.