put HashedControlPassword and CookieAuthentication explicitly in the

torrc.sample.in, so unix people don't shoot themselves in the foot.


svn:r19304

1 files changed, 10 insertions, 5 deletions

diff --git a/src/config/torrc.sample.in b/src/config/torrc.sample.in
index a07d3e21ca..d0b1ee1591 100644
--- a/src/config/torrc.sample.in
+++ b/src/config/torrc.sample.in
@@ -1,5 +1,5 @@
 ## Configuration file for a typical Tor user
-## Last updated 30 January 2009 for Tor 0.2.1.12-alpha.
+## Last updated 12 April 2009 for Tor 0.2.1.14-rc.
 ## (May or may not work for much older or much newer versions of Tor.)
 ##
 ## Lines that begin with "## " try to explain what's going on. Lines
@@ -53,6 +53,10 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
 ## The port on which Tor will listen for local connections from Tor
 ## controller applications, as documented in control-spec.txt.
 #ControlPort 9051
+## If you enable the controlport, be sure to enable one of these
+## authentication methods, to prevent attackers from accessing it.
+#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
+#CookieAuthentication 1
 
 ############### This section is just for location-hidden services ###
 
@@ -76,7 +80,7 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
 
 ## Required: what port to advertise for incoming Tor connections.
 #ORPort 9001
-## If you need to listen on a port other than the one advertised
+## If you want to listen on a port other than the one advertised
 ## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment the
 ## line below too. You'll need to do ipchains or other port forwarding
 ## yourself to make this work.
@@ -85,7 +89,8 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
 ## A handle for your relay, so people don't have to refer to it by key.
 #Nickname ididnteditheconfig
 
-## The IP or FQDN for your relay. Leave commented out and Tor will guess.
+## The IP address or full DNS name for your relay. Leave commented out
+## and Tor will guess.
 #Address noname.example.com
 
 ## Define these to limit how much relayed traffic you will allow. Your
@@ -104,14 +109,14 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
 ## Uncomment this to mirror directory information for others. Please do
 ## if you have enough bandwidth.
 #DirPort 9030 # what port to advertise for directory connections
-## If you need to listen on a port other than the one advertised
+## If you want to listen on a port other than the one advertised
 ## in DirPort (e.g. to advertise 80 but bind to 9091), uncomment the line
 ## below too. You'll need to do ipchains or other port forwarding yourself
 ## to make this work.
 #DirListenAddress 0.0.0.0:9091
 ## Uncomment to return an arbitrary blob of html on your DirPort. Now you
 ## can explain what Tor is if anybody wonders why your IP address is
-## contacting them.
+## contacting them. See contrib/tor-exit-notice.html for a sample.
 #DirPortFrontPage /etc/tor/exit-notice.html
 
 ## Uncomment this if you run more than one Tor relay, and add the identity