Open Scalena opened 1 year ago
To be fair, the rpcuser
, rpcconnect
and rpcpassword
command line arguments are just there for usability, and not strictly required. You can achieve the same thing by having a ~/.bitcoin/bitcoin.conf
that the bitcoin-cli
can read on its own and pick up the rpccookiefile
from there. In fact the first step to debug problems with the bitcoin backend is always to see if bitcoin-cli
can connect to bitcoind
on its own, as that's used under the hood.
As such replicating all possible authentication options for bitcoin-cli
is likely out of scope, but I see that many users are switching over to rpccookiefile
which should work out of the box if bitcoin-cli
and bitcoind
use the same home directory, so it might be ok to add this last authentication option to the bcli
plugin too :-)
That sounds reasonable, but what about cases, where the bitcoin.conf
file is not in the default location? Then at least the location of the configuration file has to be supplied through bcli
somehow, which is also not possible currently AFAIK. Perhaps this would be a better solution to include all possible authentication methods?
Bitcoin Core offers authenticating the RPC connection via a cookie file using the
rpccookiefile
option instead ofrpcuser
andrpcpassword
. Cookie file authentication is considered more secure than username/password authentication, see [https://github.com/Kixunil/security_writings/blob/master/cookie_files.md] for a discussion. In my estimation it would be an easy-to-implement flexibility and security improvement if CLN supported abitcoin-rpccookiefile
option as an authentication method.