From d5cae48bae81cd6072255150162b26a3653f176e Mon Sep 17 00:00:00 2001
From: gary rong <garyrong0905@gmail.com>
Date: Thu, 4 Apr 2019 19:03:10 +0800
Subject: accounts, cmd, internal: disable unlock account on open HTTP (#17037)

* cmd, accounts, internal, node, rpc, signer: insecure unlock protect

* all: strict unlock API by rpc

* cmd/geth: check before printing warning log

* accounts, cmd/geth, internal: tiny polishes
---
 signer/core/api.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'signer')

diff --git a/signer/core/api.go b/signer/core/api.go
index 184b90310..9da6ee2a2 100644
--- a/signer/core/api.go
+++ b/signer/core/api.go
@@ -139,7 +139,8 @@ func StartClefAccountManager(ksLocation string, nousb, lightKDF bool) *accounts.
 			log.Debug("Trezor support enabled")
 		}
 	}
-	return accounts.NewManager(backends...)
+	// Clef doesn't allow insecure http account unlock.
+	return accounts.NewManager(&accounts.Config{InsecureUnlockAllowed: false}, backends...)
 }
 
 // MetadataFromContext extracts Metadata from a given context.Context
-- 
cgit v1.2.3