Title: Bitcoin address valiation Post by: BitCoinDream on October 19, 2014, 06:50:00 PM Can there be any issue if I validate a bitcoin address with the following code snippet ?
Code: function validateAddress($address){ Title: Re: Bitcoin address valiation Post by: bitsmichel on October 19, 2014, 06:57:32 PM Yes, there could be an issue. $address could contain an XSS attack. Validate $address to be greater than the required length.
Another potential attack would be a lot of processing server side. While that is very unlikely it is not unthinkable. Title: Re: Bitcoin address valiation Post by: Ricke on October 19, 2014, 07:01:55 PM Would work most times, but you should insert a code snippet which checks if blockchain.info returns any good result, otherwise you might find yourself having false negatives when blockchain.info is down or asking your PHP script for a captcha. (Sometimes CloudFlare locks out your PHP script)
Title: Re: Bitcoin address valiation Post by: BitCoinDream on October 19, 2014, 10:11:33 PM Yes, there could be an issue. $address could contain an XSS attack. Validate $address to be greater than the required length. Another potential attack would be a lot of processing server side. While that is very unlikely it is not unthinkable. Thanks for pointing out. I think the following code may validate the address size... Code: function validateAddress($address){ Would work most times, but you should insert a code snippet which checks if blockchain.info returns any good result, otherwise you might find yourself having false negatives when blockchain.info is down or asking your PHP script for a captcha. (Sometimes CloudFlare locks out your PHP script) Yep... the uptime of blockchain.info is now a problem. Do u know any API to check blockchain.info status ? I think simple ping check or HTTP header checking wont work as they are behind cloudflare. Title: Re: Bitcoin address valiation Post by: gweedo on October 20, 2014, 01:48:11 AM Here is better php validation code, which was actually created by theymos and Mike Gogulski. Should work on a stock php5 install.
Code: private static $base58chars = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"; Title: Re: Bitcoin address valiation Post by: BitCoinDream on October 20, 2014, 08:59:23 AM Here is better php validation code, which was actually created by theymos and Mike Gogulski. Should work on a stock php5 install. Code: private static $base58chars = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"; Thanks for the code snippet. I read somewhere that most of the time standalone PHP codes are unable to validate Pay2PubKeyHash addresses and Pay2ScriptHash addresses at a time. Does this validate both type of addresses ? Title: Re: Bitcoin address valiation Post by: trattrat on October 21, 2014, 01:29:30 PM Last 4 chars of a B58 encoded address is the checksum. You can use that to validate.
|