AUTHENTICATE is really mandatory. No authentication is not quite the default.

author Nick Mathewson <nickm@torproject.org>

Thu, 8 Jan 2009 14:07:05 +0000 (14:07 +0000)

committer Nick Mathewson <nickm@torproject.org>

Thu, 8 Jan 2009 14:07:05 +0000 (14:07 +0000)
author Nick Mathewson <nickm@torproject.org>
Thu, 8 Jan 2009 14:07:05 +0000 (14:07 +0000)
committer Nick Mathewson <nickm@torproject.org>
Thu, 8 Jan 2009 14:07:05 +0000 (14:07 +0000)
diff --git a/doc/spec/control-spec.txt b/doc/spec/control-spec.txt

index 093bf20a568a9bc7b9dc18bddfaa3fabddde14d3..7c9bcea0833c6d105b456f91e823cc36d12421bb 100644 (file)
--- a/doc/spec/control-spec.txt
+++ b/doc/spec/control-spec.txt
@@ -253,6 +253,10 @@ $Id$
    command, or sends PROTOCOLINFO more than once, Tor sends an error reply and
    closes the connection.
  
+  To prevent some cross-protocol attacks, the AUTHENTICATE command is still
+  required even if all authentication methods in Tor are disabled.  In this
+  case, the controller should just send "AUTHENTICATE" CRLF.
+
    (Versions of Tor before 0.1.2.16 and 0.2.0.4-alpha did not close the
    connection after an authentication failure.)
  
@@ -1591,7 +1595,9 @@ $Id$
  
  5.1. Authentication
  
-  By default, the current Tor implementation trusts all local users.
+  If the control port is open and no authentication operation is enabled, Tor
+  trusts any local user that connects to the control port.  This is generally
+  a poor idea.
  
    If the 'CookieAuthentication' option is true, Tor writes a "magic cookie"
    file named "control_auth_cookie" into its data directory.  To authenticate,
author	Nick Mathewson <nickm@torproject.org>
	Thu, 8 Jan 2009 14:07:05 +0000 (14:07 +0000)
committer	Nick Mathewson <nickm@torproject.org>
	Thu, 8 Jan 2009 14:07:05 +0000 (14:07 +0000)