Bitcoin Forum
November 16, 2019, 09:35:37 PM *
News: 10th anniversary art contest
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: Bitcoin URL scheme: have any proposals been adapted?  (Read 2793 times)
wumpus
Hero Member
*****
qt
Offline Offline

Activity: 812
Merit: 1000

No Maps for These Territories


View Profile
August 07, 2011, 07:26:30 PM
 #21

Is x-btc widely used yet? If not, maybe we could modify that to everyone's liking, and make that the standard, so we don't need to worry about backward compatibility.
I don't think any bitcoin URI scheme is widely used yet Smiley But indeed, x-btc: is even more rare than bitcoin: . Are '-' even allowed in URI schemes?

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
1573940137
Hero Member
*
Offline Offline

Posts: 1573940137

View Profile Personal Message (Offline)

Ignore
1573940137
Reply with quote  #2

1573940137
Report to moderator
1573940137
Hero Member
*
Offline Offline

Posts: 1573940137

View Profile Personal Message (Offline)

Ignore
1573940137
Reply with quote  #2

1573940137
Report to moderator
drawoc
Full Member
***
Offline Offline

Activity: 168
Merit: 100

Firstbits: 175wn


View Profile
August 07, 2011, 08:07:02 PM
 #22

Are '-' even allowed in URI schemes?
Apparently, yes.

From RFC 3986:
Quote
   Scheme names consist of a sequence of characters beginning with a
   letter and followed by any combination of letters, digits, plus
   ("+"), period ("."), or hyphen ("-").

Donate: 175WNXmJ1WVhFgVGKUqEhYtAQGRYAvqPA
wumpus
Hero Member
*****
qt
Offline Offline

Activity: 812
Merit: 1000

No Maps for These Territories


View Profile
August 07, 2011, 11:09:25 PM
 #23

Suggestions for a better "RFC process" are welcome; which open source project should we emulate?  (e.g. bittorrent has BEPs, python has PEPs, are there other models to follow?)
It seems that the PEP process that Python uses works pretty well. I don't know anything about BEP, or how it compares.

But this is a great idea... I also think the URI would be a good initial "Bitcoin PEP" as it is fairly trivial and a good way to get people used to it.

Much better than keeping the spec on a wiki page where people can add all kind of wacky stuff for their own agenda.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
bitplane
Sr. Member
****
Offline Offline

Activity: 321
Merit: 250

Firstbits: 1gyzhw


View Profile WWW
August 08, 2011, 01:01:42 AM
 #24

Alas, dispatching based on clicking the URL would need to be implemented on a per-browser basis Sad So don't expect this any soon.
It should be desktop environment specific, nothing to do with the browser:
Here's how to do it for Windows, Linux (Gnome/KDE), OSX, Android and iOS
wumpus
Hero Member
*****
qt
Offline Offline

Activity: 812
Merit: 1000

No Maps for These Territories


View Profile
August 08, 2011, 01:06:52 AM
 #25

It should be desktop environment specific, nothing to do with the browser:
Thanks. But I think I'll keep it at explicit drag&drop. Having the browser being able to send commands to the bitcoin client without user intervention is just a too big a potential security hole.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
D.H.
Sr. Member
****
Offline Offline

Activity: 311
Merit: 250


Bitcoin.se site owner


View Profile WWW
August 10, 2011, 04:04:56 PM
 #26

It should be desktop environment specific, nothing to do with the browser:
Thanks. But I think I'll keep it at explicit drag&drop. Having the browser being able to send commands to the bitcoin client without user intervention is just a too big a potential security hole.

I suggest that you use a confirmation box in the client before executing whatever the link is trying to do. After all it's much more intuitive to click links than to drag them.

www.bitcoin.se - Forum, nyheter och information på svenska! (Forum, news and information in Swedish)
error
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500



View Profile
August 10, 2011, 06:30:01 PM
 #27

It should be desktop environment specific, nothing to do with the browser:
Thanks. But I think I'll keep it at explicit drag&drop. Having the browser being able to send commands to the bitcoin client without user intervention is just a too big a potential security hole.

I'm not sure if you understand how browsers pass such URLs to external URL handlers. Your program gets called with the URL as an argument. That's all. It's up to your program to actually do something with the URL.

3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
aq
Full Member
***
Offline Offline

Activity: 238
Merit: 100


View Profile
August 12, 2011, 03:21:03 PM
 #28

It should be desktop environment specific, nothing to do with the browser:
Thanks. But I think I'll keep it at explicit drag&drop. Having the browser being able to send commands to the bitcoin client without user intervention is just a too big a potential security hole.

I suggest that you use a confirmation box in the client before executing whatever the link is trying to do. After all it's much more intuitive to click links than to drag them.
+1
Modern browsers already support dragable text, so if a "link" is only dragable, one can just put a plain text address there.
The whole point of a link is that it is clickable. IMHO, thinks like this prevent bitcoin from being mass adoped  Sad
bitplane
Sr. Member
****
Offline Offline

Activity: 321
Merit: 250

Firstbits: 1gyzhw


View Profile WWW
August 14, 2011, 01:28:28 AM
 #29

If you have a confirmation box then a simple VBScript which launches an URL and calls sendkeys to confirm the transaction could potentially drain your account. I suggest putting the confirmation box on a secure desktop to prevent this possibility.
aq
Full Member
***
Offline Offline

Activity: 238
Merit: 100


View Profile
August 15, 2011, 12:13:18 AM
 #30

If you have a confirmation box then a simple VBScript which launches an URL and calls sendkeys to confirm the transaction could potentially drain your account. I suggest putting the confirmation box on a secure desktop to prevent this possibility.
Sure, instead of just enabling server mode by changing a single line in the config file and using the rpc api (doable right now, and it seems that everyone is ok with this - even no GUI involved, so undetectable by the average user), a hacker would choose the more difficult way of using some link and sendkeys. I mean why even use the link at all, your VBScript can start the bitcoin exe and use sendkeys to open the send dialog to do the same. IMHO that would be an extreme lame excuse for not implementing clickable links. I am sure I could probably write both versions within an hour. And BTW, a VBScript can as easily simulate the link drag-dropping...
So to cut a long story short, either put all those send bitcoin dialogs on a secure desktop, or stop using this as an argument against clickable links.
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!