Title: Powerful + dangerous API suggestion: JSONP
Post by: HanSolo on June 16, 2011, 02:06:08 AM

If the client allowed 'JSONP' wrapping of its JSON responses, cool alternate web-based interfaces would be possible.

See for info of JSONP: http://en.wikipedia.org/wiki/JSONP

The danger is this could risk websites accessing bitcoin client via the local browser with references to URLs like "http://USER:PASS@localhost:8332/?jsonrpc=ETC&jsonp=parseResponse". So this would definitely be an expert option, perhaps requiring an extra-strong user:pass, or an extra access token that might only offer read-only access. Or, any attempts to trigger sensitive operations via this interface would require extra second-channel confirmation.

Similarly, if blockexplorer.com offered JSONP access and could handle the traffic, lots of web-based exploration UIs on other sites would be possible without those other sites having their own client/blockchain-library.

Title: Re: Powerful + dangerous API suggestion: JSONP
Post by: wumpus on June 16, 2011, 06:09:32 AM

I don't think we should add anything that reduces security of the bitcoin client right now :p

These kinds of things can be implemented as a layer above Bitcoin, no need to build it into the client.

Title: Re: Powerful + dangerous API suggestion: JSONP
Post by: gigabytecoin on June 16, 2011, 09:24:09 AM

Quote from: wumpus
I don't think we should add anything that reduces security of the bitcoin client right now :p

These kinds of things can be implemented as a layer above Bitcoin, no need to build it into the client.

Agreed. In fact, change "right now" to "ever" and that's how I would put it.
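
The restrictions listed in the first post (a separate read-only token, no sensitive operations) and the "layer above Bitcoin" suggested in the reply can be combined in a small gateway policy. The JavaScript below is an added example, not code from this thread or from the Bitcoin client; the allowlist contents, the token handling and the `callRpc` helper are assumptions.

```javascript
// Added example: request policy for a JSONP gateway placed in front of a JSON-RPC node.
// The node's USER:PASS stays inside callRpc on the gateway and never appears in a URL.
const READ_ONLY_METHODS = new Set(['getblockcount', 'getdifficulty']); // assumed allowlist
// A callback must be a plain identifier, otherwise the "callback" is injected script.
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

// Compare the read-only token without stopping at the first mismatching character.
function tokenMatches(supplied, expected) {
  let diff = supplied.length ^ expected.length;
  for (let i = 0; i < expected.length; i++) {
    const c = supplied.charCodeAt(i % (supplied.length || 1)) || 0;
    diff |= c ^ expected.charCodeAt(i);
  }
  return diff === 0;
}

// query: parsed query string; readToken: the gateway's read-only token;
// callRpc(method, params): hypothetical helper that talks to the node.
function handleJsonp(query, readToken, callRpc) {
  const { method, jsonp, token } = query;
  if (typeof jsonp !== 'string' || !CALLBACK_RE.test(jsonp)) {
    return { status: 400, body: 'bad callback' };
  }
  if (typeof token !== 'string' || !tokenMatches(token, readToken)) {
    return { status: 403, body: 'bad token' };
  }
  // Anything that moves coins or changes wallet state is refused here,
  // so a page embedding this URL in a <script> tag can only read.
  if (!READ_ONLY_METHODS.has(method)) {
    return { status: 403, body: 'method not allowed' };
  }
  const result = callRpc(method, []);
  // Escape characters that could end the script block or break JS parsing.
  const json = JSON.stringify({ result }).replace(
    /[<\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0')
  );
  return { status: 200, body: `${jsonp}(${json});` };
}
```
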