restore HiddenServiceAuthorizeClient in v3
According to the manual, for v3 hidden services, if the contents of /authorized_clients/ cannot be loaded, then the Hidden Service is enabled and is accessible to anyone with the onion address. This is a security hole. It opens the possibility that the user intended for the service to require authorization, but due to files being moved or deleted or inaccessible or other file system problem, the hidden service incorrectly becomes accessible to anyone.
Please restore the configuration option HiddenServiceAuthorizeClient for v3 services. If it is set to "basic", then authentication should be required for the service regardless of whether /authorized_clients/ can be read, or alternately, if the authorized users cannot be read, tor should not start up or should not enable the hidden service.
Trac:
Username: Alan