Bitcoin Forum
December 04, 2016, 06:20:46 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Powerful + dangerous API suggestion: JSONP  (Read 940 times)
HanSolo
Jr. Member
*
Offline Offline

Activity: 59


Don't everyone thank me at once.


View Profile
June 16, 2011, 02:06:08 AM
 #1

If the client allowed 'JSONP' wrapping of its JSON responses, cool alternate web-based interfaces would be possible.

See for info of JSONP..

http://en.wikipedia.org/wiki/JSONP

The danger is this could risk websites accessing bitcoin client via the local browser with references to URLs like "http://USER:PASS@localhost:8332/?jsonrpc=ETC&jsonp=parseResponse".

So this would definitely be a expert option, perhaps requiring an extra-strong user:pass, or an extra access token that might only offer read-only access. Or, any attempts to trigger sensitive operations via this interface would require extra second-channel confirmation.

Similarly if blockexplorer.com offered JSONP access and could handle the traffic lots of web-based exploration UIs on other sites would be possible without those other sites having their own client/blockchain-library.

Never tell me the odds. ⓑ 1J5wQvCz2mn3f4TxPFtExKs253GyeKKkBb
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
wumpus
Hero Member
*****
qt
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
June 16, 2011, 06:09:32 AM
 #2

I don't think we should add anything that reduces security of the bitcoin client right now  :p These kind of things can be implemented as a layer above Bitcoin, no need to build it into the client.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
gigabytecoin
Sr. Member
****
Offline Offline

Activity: 280


View Profile
June 16, 2011, 09:24:09 AM
 #3

I don't think we should add anything that reduces security of the bitcoin client right now  :p These kind of things can be implemented as a layer above Bitcoin, no need to build it into the client.


Agreed.

In fact, change "right now" to "ever" and that's how I would put it.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!