Bitcoin Forum
December 09, 2016, 04:20:13 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: Bitcoin URL scheme: have any proposals been adapted?  (Read 2536 times)
wumpus
Hero Member
*****
qt
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
August 07, 2011, 07:26:30 PM
 #21

Is x-btc widely used yet? If not, maybe we could modify that to everyone's liking, and make that the standard, so we don't need to worry about backward compatibility.
I don't think any bitcoin URI scheme is widely used yet Smiley But indeed, x-btc: is even more rare than bitcoin: . Are '-' even allowed in URI schemes?

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
1481257213
Hero Member
*
Offline Offline

Posts: 1481257213

View Profile Personal Message (Offline)

Ignore
1481257213
Reply with quote  #2

1481257213
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481257213
Hero Member
*
Offline Offline

Posts: 1481257213

View Profile Personal Message (Offline)

Ignore
1481257213
Reply with quote  #2

1481257213
Report to moderator
drawoc
Full Member
***
Offline Offline

Activity: 168

Firstbits: 175wn


View Profile
August 07, 2011, 08:07:02 PM
 #22

Are '-' even allowed in URI schemes?
Apparently, yes.

From RFC 3986:
Quote
   Scheme names consist of a sequence of characters beginning with a
   letter and followed by any combination of letters, digits, plus
   ("+"), period ("."), or hyphen ("-").

Donate: 175WNXmJ1WVhFgVGKUqEhYtAQGRYAvqPA
wumpus
Hero Member
*****
qt
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
August 07, 2011, 11:09:25 PM
 #23

Suggestions for a better "RFC process" are welcome; which open source project should we emulate?  (e.g. bittorrent has BEPs, python has PEPs, are there other models to follow?)
It seems that the PEP process that Python uses works pretty well. I don't know anything about BEP, or how it compares.

But this is a great idea... I also think the URI would be a good initial "Bitcoin PEP" as it is fairly trivial and a good way to get people used to it.

Much better than keeping the spec on a wiki page where people can add all kind of wacky stuff for their own agenda.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
bitplane
Sr. Member
****
Offline Offline

Activity: 321

Firstbits: 1gyzhw


View Profile WWW
August 08, 2011, 01:01:42 AM
 #24

Alas, dispatching based on clicking the URL would need to be implemented on a per-browser basis Sad So don't expect this any soon.
It should be desktop environment specific, nothing to do with the browser:
Here's how to do it for Windows, Linux (Gnome/KDE), OSX, Android and iOS
wumpus
Hero Member
*****
qt
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
August 08, 2011, 01:06:52 AM
 #25

It should be desktop environment specific, nothing to do with the browser:
Thanks. But I think I'll keep it at explicit drag&drop. Having the browser being able to send commands to the bitcoin client without user intervention is just a too big a potential security hole.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
D.H.
Sr. Member
****
Offline Offline

Activity: 311


Bitcoin.se site owner


View Profile WWW
August 10, 2011, 04:04:56 PM
 #26

It should be desktop environment specific, nothing to do with the browser:
Thanks. But I think I'll keep it at explicit drag&drop. Having the browser being able to send commands to the bitcoin client without user intervention is just a too big a potential security hole.

I suggest that you use a confirmation box in the client before executing whatever the link is trying to do. After all it's much more intuitive to click links than to drag them.

www.bitcoin.se - Forum, nyheter och information på svenska! (Forum, news and information in Swedish)
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
August 10, 2011, 06:30:01 PM
 #27

It should be desktop environment specific, nothing to do with the browser:
Thanks. But I think I'll keep it at explicit drag&drop. Having the browser being able to send commands to the bitcoin client without user intervention is just a too big a potential security hole.

I'm not sure if you understand how browsers pass such URLs to external URL handlers. Your program gets called with the URL as an argument. That's all. It's up to your program to actually do something with the URL.

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
aq
Full Member
***
Offline Offline

Activity: 238


View Profile
August 12, 2011, 03:21:03 PM
 #28

It should be desktop environment specific, nothing to do with the browser:
Thanks. But I think I'll keep it at explicit drag&drop. Having the browser being able to send commands to the bitcoin client without user intervention is just a too big a potential security hole.

I suggest that you use a confirmation box in the client before executing whatever the link is trying to do. After all it's much more intuitive to click links than to drag them.
+1
Modern browsers already support dragable text, so if a "link" is only dragable, one can just put a plain text address there.
The whole point of a link is that it is clickable. IMHO, thinks like this prevent bitcoin from being mass adoped  Sad
bitplane
Sr. Member
****
Offline Offline

Activity: 321

Firstbits: 1gyzhw


View Profile WWW
August 14, 2011, 01:28:28 AM
 #29

If you have a confirmation box then a simple VBScript which launches an URL and calls sendkeys to confirm the transaction could potentially drain your account. I suggest putting the confirmation box on a secure desktop to prevent this possibility.
aq
Full Member
***
Offline Offline

Activity: 238


View Profile
August 15, 2011, 12:13:18 AM
 #30

If you have a confirmation box then a simple VBScript which launches an URL and calls sendkeys to confirm the transaction could potentially drain your account. I suggest putting the confirmation box on a secure desktop to prevent this possibility.
Sure, instead of just enabling server mode by changing a single line in the config file and using the rpc api (doable right now, and it seems that everyone is ok with this - even no GUI involved, so undetectable by the average user), a hacker would choose the more difficult way of using some link and sendkeys. I mean why even use the link at all, your VBScript can start the bitcoin exe and use sendkeys to open the send dialog to do the same. IMHO that would be an extreme lame excuse for not implementing clickable links. I am sure I could probably write both versions within an hour. And BTW, a VBScript can as easily simulate the link drag-dropping...
So to cut a long story short, either put all those send bitcoin dialogs on a secure desktop, or stop using this as an argument against clickable links.
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!