Hi Yuri. If you just set a ControlPort in your torrc but not password or cookie auth then its open. Please see...
https://stem.torproject.org/faq.html#can-i-interact-with-tors-controller-interface-directly By default tor restricts access to localhost but none the less, having authentication *or* using ControlSocket instead is advised. Authentication in addition to a ControlSocket is ok but redundant since filesystem permissions of a ControlSocket provide the same safety as using an authentication cookie. On Fri, Aug 18, 2017 at 12:45 PM, Yuri <y...@rawbw.com> wrote: > This confuses me: > > > $ telnet localhost 9051 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > authenticate > 250 OK > > > Isn't it supposed to require either auth-cookie or hashed password? > > Where is authentication policy described? > > > Yuri > > > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
