From 6336eb9c492e82d232f5890c5aeabd51efdb95a9 Mon Sep 17 00:00:00 2001 From: chris2286266 Date: Mon, 23 Oct 2017 08:49:36 +0200 Subject: [PATCH 1/4] Update functions.php Switching from highly unsecure usage of config.txt to config.php --- functions.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/functions.php b/functions.php index 3e0eaeb..714b6f7 100644 --- a/functions.php +++ b/functions.php @@ -4,7 +4,7 @@ function read_config() { $config=array(); - $contents=file_get_contents('config.txt'); + $contents=file_get_contents('config.php'); $lines=explode("\n", $contents); foreach ($lines as $line) { @@ -233,4 +233,4 @@ function string_to_fileref($string) 'mimetype' => $parts[3], 'filesize' => $parts[4], ); - } \ No newline at end of file + } From 0344a85db5e870822ed38b61e22ca42967226b5a Mon Sep 17 00:00:00 2001 From: chris2286266 Date: Mon, 23 Oct 2017 08:55:45 +0200 Subject: [PATCH 2/4] Create config-example.php Based on config-example.txt Configuration implemented as php file now, which is NOT displayed as the txt file before. --- config-example.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 config-example.php diff --git a/config-example.php b/config-example.php new file mode 100644 index 0000000..da069c4 --- /dev/null +++ b/config-example.php @@ -0,0 +1,18 @@ + From 1fed50b882f4b28df68c35159bcda65191cd3859 Mon Sep 17 00:00:00 2001 From: chris2286266 Date: Mon, 23 Oct 2017 08:59:00 +0200 Subject: [PATCH 3/4] Fixed security issue Fixed the security issue with readable config.txt file by replacing it with config.php --- README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2c8cac6..c10f581 100644 --- a/README.md +++ b/README.md 
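Review bot: The `file_get_contents('config.php')` call in read_config() still reads the file as plain text from the web directory, so the credentials stay private only while the web server executes `.php` files and config.php itself emits nothing when requested; the contents of config-example.php are not visible here, so that should be confirmed. A sturdier arrangement is to keep the file outside the document root (or deny direct requests to it in the server configuration) and load it by an absolute path, e.g. `file_get_contents(__DIR__.'/../config.php')`. The return value is also unchecked, so an installation that still has only config.txt gets a warning and presumably an empty configuration; consider `if ($contents===false) die('config.php not found');` before the `explode`. Upgraded installations keep their old web-readable config.txt on disk, and the README hunk at -99,8 drops the warning without telling users to delete that file. read_config's body continues outside the hunk.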
@@ -81,9 +81,9 @@ Make your life easy for the next step by running these on the node's server: cat ~/.multichain/chain1/multichain.conf grep rpc-port ~/.multichain/chain1/params.dat -In the web demo directory, copy the `config-example.txt` file to `config.txt`: +In the web demo directory, copy the `config-example.php` file to `config.php`: - cp config-example.txt config.txt + cp config-example.php config.php In the demo website directory, enter chain details in `config.txt` e.g.: @@ -99,8 +99,6 @@ Multiple chains are supported by the web demo by copying the same section again another.rpchost=... ... -**Note that the `config.txt` file is readable by users of your web demo installation, and contains your MultiChain API password, so you should never use this basic setup for a production system.** - Launch the Web Demo ------------------- From fc773de041e02dcab567752ed87922699d31f125 Mon Sep 17 00:00:00 2001 From: chris2286266 Date: Mon, 23 Oct 2017 09:00:23 +0200 Subject: [PATCH 4/4] Delete config-example.txt No longer needed, replaced by config-example.php --- config-example.txt | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 config-example.txt diff --git a/config-example.txt b/config-example.txt deleted file mode 100644 index 087df59..0000000 --- a/config-example.txt +++ /dev/null @@ -1,13 +0,0 @@ -# Define your MultiChain node credentials below. - -default.name=Default # name to display in the web interface -default.rpchost=127.0.0.1 # IP address of MultiChain node -default.rpcport=12345 # see rpc-port from chain parameters -default.rpcuser=multichainrpc # username for RPC from multichain.conf -default.rpcpassword= # password for RPC from multichain.conf - -# You can configure support for other nodes using a word other than 'default': -# -# another.name=... -# another.rpchost=... -# ...etc... \ No newline at end of file