[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Why does tor control port 9051 allow empty authentication?
Hi Yuri. If you just set a ControlPort in your torrc but not password
or cookie auth then its open. Please see...
By default tor restricts access to localhost but none the less, having
authentication *or* using ControlSocket instead is advised.
Authentication in addition to a ControlSocket is ok but redundant
since filesystem permissions of a ControlSocket provide the same
safety as using an authentication cookie.
On Fri, Aug 18, 2017 at 12:45 PM, Yuri <yuri@xxxxxxxxx> wrote:
> This confuses me:
> $ telnet localhost 9051
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 250 OK
> Isn't it supposed to require either auth-cookie or hashed password?
> Where is authentication policy described?
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to