@s{quotedtext}
@s{quotedtext}
Yes, that's right, rpcpassword is only required if you use -server or -daemon or bitcoind (I just tested to be sure).
RE: what if the programmer can't figure out how to make their legacy COBOL code do HTTP authentication?
Then I think another config file setting to explicitly turn off RPC authentication would be better than a magical "if you set a blank rpcpassword then that turns off authentication."   But I wouldn't implement that until somebody really does have a problem or until we have more than one way of doing the authentication (maybe https someday...).
lachesis: is supporting HTTP Basic Authentication a problem for you?