Does rpcpassword need to be non-obvious in bitcoind?

1

I'm syncing a full BTC node onto an external hard drive, which I'm connecting to by USB. I've created a bitcoin.conf file which sets a very insecure rpcpassword. This is literally the only field I put in the bitcoin.conf file. In what way does this matter?

(I've just changed the password. Should I restart the sync, given that it's 49% through?)

jkabrg

Posted 2019-09-16T17:14:29.977

Reputation: 137

Answers

5

By default the RPC interface is only exposed to localhost (127.0.0.1 and ::1), not to the world. In that setting, you need an RPC password only to protect against untrusted local users on your system (unless you're somehow tunneling the RPC port 8332 out).

That said, why do you have an rpcpassword at all? If you're only going to use bitcoin-cli for example you don't need one since version 0.12 (see https://bitcoin.org/en/release/v0.12.0#rpc-random-cookie-rpc-authentication). If you need external applications to talk to bitcoind, rpcauth is preferred over rpcpassword.

There is certainly no need to restart syncing.

Pieter Wuille

Posted 2019-09-16T17:14:29.977

Reputation: 54 032

I need it to call bitcoin-cli stop (jkabrg, 2019-09-16T17:56:47.423)

No need for an rpcpassword at all in that case. Since 0.12 cookie authentication is used when no rpcpassword/rpcauth are set (a file is created by bitcoind with a randomly generated password in it, and that file is read by bitcoin-cli, and deleted when bitcoind exits). (Pieter Wuille, 2019-09-16T18:01:37.320)

Should I still have a config file, albeit an empty one? (jkabrg, 2019-09-16T18:02:16.130)

No, you don't need one. But perhaps you do want one for other options such as dbcache, addnode, ... (Pieter Wuille, 2019-09-16T18:05:17.120)
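The rpcauth mechanism recommended above stores a salted HMAC of the password in bitcoin.conf instead of the password itself. The following is an added example, not code from the answer or from Bitcoin Core; it reproduces the scheme used by the rpcauth.py helper shipped in Bitcoin Core's share/rpcauth directory (a random 16-byte hex salt, HMAC-SHA256 keyed with the salt string over the password, written as rpcauth=<user>:<salt>$<hmac>) and the check bitcoind performs on an incoming username/password pair. The user and password values are constructed for the example.

```python
"""Generate and verify Bitcoin Core rpcauth entries (added example).

The line written to bitcoin.conf is  rpcauth=<user>:<salt>$<hmac>  where
hmac = HMAC-SHA256(key=<salt as ASCII>, msg=<password>) in hex.  Only the
salt and HMAC land on disk; the password is shown once to the operator and
handed to the RPC client, which is why rpcauth is preferred over a plaintext
rpcpassword= line.
"""
import hmac
import os
import secrets
from binascii import hexlify
from typing import Optional, Tuple


def generate_salt(size: int = 16) -> str:
    """Random salt, hex-encoded (rpcauth.py uses 16 bytes = 32 hex chars)."""
    return hexlify(os.urandom(size)).decode("ascii")


def password_to_hmac(salt: str, password: str) -> str:
    """HMAC-SHA256 keyed with the ASCII salt string, over the password."""
    return hmac.new(salt.encode("utf-8"), password.encode("utf-8"), "SHA256").hexdigest()


def rpcauth_line(user: str, password: str, salt: Optional[str] = None) -> str:
    """Build the bitcoin.conf line for one RPC user.

    ':' and '$' are the field separators of the format, so a user name
    containing them would be parsed wrongly by bitcoind; reject it here.
    """
    if ":" in user or "$" in user:
        raise ValueError("rpcauth user name may not contain ':' or '$'")
    salt = salt or generate_salt()
    return f"rpcauth={user}:{salt}${password_to_hmac(salt, password)}"


def verify_rpcauth(line: str, user: str, password: str) -> bool:
    """Check a username/password pair against one rpcauth entry, as bitcoind
    does for HTTP basic auth.  Malformed entries simply fail to match."""
    if line.startswith("rpcauth="):
        line = line[len("rpcauth="):]
    try:
        stored_user, rest = line.split(":", 1)
        salt, stored_hmac = rest.split("$", 1)
    except ValueError:
        return False
    if stored_user != user:
        return False
    # constant-time comparison, like bitcoind's TimingResistantEqual
    return hmac.compare_digest(password_to_hmac(salt, password), stored_hmac)


def new_credentials(user: str) -> Tuple[str, str]:
    """Random password plus its rpcauth line.  Print the password once for
    the client side; only the returned line goes into bitcoin.conf."""
    password = secrets.token_urlsafe(32)
    return password, rpcauth_line(user, password)


if __name__ == "__main__":
    # constructed sample: a user for an external application
    pw, line = new_credentials("walletapp")
    print("client password:", pw)
    print("bitcoin.conf   :", line)
    print("verifies       :", verify_rpcauth(line, "walletapp", pw))
```

With rpcauth in place, bitcoin-cli on the same machine keeps using the cookie file, and only the external application needs the generated password; a weak or leaked rpcpassword line no longer exists to worry about.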

3

The RPC interface is not exposed to anything except localhost by default. So neither other people on your network nor people on the internet can access it unless you have explicitly enabled outside access using rpcbind=<ip> and rpcallowip=<ip>. So even using an insecure rpcpassword should be safe. Furthermore, it is completely useless if you don't also set rpcuser.

However rpcpassword is deprecated and it is not recommended that you use that. In fact, it is not necessary for it to be set in order to access the RPC interface. An RPC user and password will be provided in the .cookie file that is found in the data directory. bitcoin-cli will automatically use the user and password set in that file.

(I've just changed the password. Should I restart the sync, given that it's 49% through?)

Restarting Bitcoin Core will not restart the sync. It will continue where it left off when it stopped. Nothing will be lost if you restart.

Andrew Chow

Posted 2019-09-16T17:14:29.977

Reputation: 40 910

Yours was the first answer I saw by about a few seconds. Thank you! (jkabrg, 2019-09-16T17:45:51.387)
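Both answers point to the .cookie file as the credential bitcoin-cli uses when no rpcuser/rpcpassword or rpcauth is configured. The following added example, not code from the answers or from Bitcoin Core, does the same thing from a small Python client: it reads the cookie from the data directory, turns it into the HTTP basic-auth header, and builds the JSON-RPC call for `stop` (the asker's use case). The cookie format (one line, `__cookie__:<random password>`) and the default data directory locations are as documented by Bitcoin Core; the sample cookie contents in the test are constructed. Only `stop_node` talks to the network and needs a running bitcoind.

```python
"""Cookie-authenticated JSON-RPC client for bitcoind (added example)."""
import base64
import json
import os
import sys
from pathlib import Path
from typing import Dict, Optional, Sequence, Tuple


def default_datadir() -> Path:
    """Bitcoin Core's default data directory per platform."""
    if sys.platform == "win32":
        return Path(os.environ["APPDATA"]) / "Bitcoin"
    if sys.platform == "darwin":
        return Path.home() / "Library" / "Application Support" / "Bitcoin"
    return Path.home() / ".bitcoin"


def parse_cookie(text: str) -> Tuple[str, str]:
    """Split cookie contents into (user, password).

    The user is the literal string __cookie__; the random password follows the
    first colon, so split on the first colon only.
    """
    line = text.strip()
    if ":" not in line:
        raise ValueError("malformed cookie: expected user:password")
    user, password = line.split(":", 1)
    return user, password


def read_cookie(datadir: Path) -> Tuple[str, str]:
    """Read <datadir>/.cookie; the file only exists while bitcoind is running."""
    return parse_cookie((datadir / ".cookie").read_text(encoding="utf-8"))


def basic_auth_header(user: str, password: str) -> str:
    """Value for the HTTP Authorization header bitcoind checks."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def build_rpc_request(
    user: str, password: str, method: str, params: Sequence = (), request_id: int = 1
) -> Tuple[Dict[str, str], bytes]:
    """Headers and body for one JSON-RPC 1.0 call, as bitcoin-cli sends it."""
    headers = {
        "Authorization": basic_auth_header(user, password),
        "Content-Type": "application/json",
    }
    body = json.dumps(
        {"jsonrpc": "1.0", "id": request_id, "method": method, "params": list(params)}
    ).encode("utf-8")
    return headers, body


def stop_node(datadir: Optional[Path] = None, url: str = "http://127.0.0.1:8332/"):
    """Send `stop` to a local bitcoind using the cookie; returns its reply string.

    The default URL is the localhost mainnet RPC port; rpcbind/rpcallowip are
    not needed because the request comes from the same machine.
    """
    import urllib.request

    user, password = read_cookie(datadir or default_datadir())
    headers, body = build_rpc_request(user, password, "stop")
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())["result"]


if __name__ == "__main__":
    print(stop_node())
```

Because bitcoind deletes the cookie on exit and writes a fresh random one at every start, nothing long-lived sits in bitcoin.conf, and an empty or absent config file is enough for this workflow.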