wumpus (OP)
|
|
August 07, 2011, 07:26:30 PM |
|
Is x-btc widely used yet? If not, maybe we could modify that to everyone's liking, and make that the standard, so we don't need to worry about backward compatibility.
I don't think any bitcoin URI scheme is widely used yet But indeed, x-btc: is even more rare than bitcoin: . Are '-' even allowed in URI schemes?
|
Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
|
|
|
|
|
|
Be very wary of relying on JavaScript for security on crypto sites. The site can change the JavaScript at any time unless you take unusual precautions, and browsers are not generally known for their airtight security.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
drawoc
Full Member
Offline
Activity: 168
Merit: 100
Firstbits: 175wn
|
|
August 07, 2011, 08:07:02 PM |
|
Are '-' even allowed in URI schemes?
Apparently, yes. From RFC 3986: Scheme names consist of a sequence of characters beginning with a letter and followed by any combination of letters, digits, plus ("+"), period ("."), or hyphen ("-").
|
Donate: 175WNXmJ1WVhFgVGKUqEhYtAQGRYAvqPA
|
|
|
wumpus (OP)
|
|
August 07, 2011, 11:09:25 PM |
|
Suggestions for a better "RFC process" are welcome; which open source project should we emulate? (e.g. bittorrent has BEPs, python has PEPs, are there other models to follow?)
It seems that the PEP process that Python uses works pretty well. I don't know anything about BEP, or how it compares. But this is a great idea... I also think the URI would be a good initial "Bitcoin PEP" as it is fairly trivial and a good way to get people used to it. Much better than keeping the spec on a wiki page where people can add all kind of wacky stuff for their own agenda.
|
Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
|
|
|
bitplane
|
|
August 08, 2011, 01:01:42 AM |
|
Alas, dispatching based on clicking the URL would need to be implemented on a per-browser basis So don't expect this any soon. It should be desktop environment specific, nothing to do with the browser: Here's how to do it for Windows, Linux (Gnome/KDE), OSX, Android and iOS
|
|
|
|
wumpus (OP)
|
|
August 08, 2011, 01:06:52 AM |
|
It should be desktop environment specific, nothing to do with the browser:
Thanks. But I think I'll keep it at explicit drag&drop. Having the browser being able to send commands to the bitcoin client without user intervention is just a too big a potential security hole.
|
Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
|
|
|
D.H.
|
|
August 10, 2011, 04:04:56 PM |
|
It should be desktop environment specific, nothing to do with the browser:
Thanks. But I think I'll keep it at explicit drag&drop. Having the browser being able to send commands to the bitcoin client without user intervention is just a too big a potential security hole. I suggest that you use a confirmation box in the client before executing whatever the link is trying to do. After all it's much more intuitive to click links than to drag them.
|
www.bitcoin.se - Forum, nyheter och information på svenska! (Forum, news and information in Swedish)
|
|
|
error
|
|
August 10, 2011, 06:30:01 PM |
|
It should be desktop environment specific, nothing to do with the browser:
Thanks. But I think I'll keep it at explicit drag&drop. Having the browser being able to send commands to the bitcoin client without user intervention is just a too big a potential security hole. I'm not sure if you understand how browsers pass such URLs to external URL handlers. Your program gets called with the URL as an argument. That's all. It's up to your program to actually do something with the URL.
|
3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
|
|
|
aq
|
|
August 12, 2011, 03:21:03 PM |
|
It should be desktop environment specific, nothing to do with the browser:
Thanks. But I think I'll keep it at explicit drag&drop. Having the browser being able to send commands to the bitcoin client without user intervention is just a too big a potential security hole. I suggest that you use a confirmation box in the client before executing whatever the link is trying to do. After all it's much more intuitive to click links than to drag them. +1 Modern browsers already support dragable text, so if a "link" is only dragable, one can just put a plain text address there. The whole point of a link is that it is clickable. IMHO, thinks like this prevent bitcoin from being mass adoped
|
|
|
|
bitplane
|
|
August 14, 2011, 01:28:28 AM |
|
If you have a confirmation box then a simple VBScript which launches an URL and calls sendkeys to confirm the transaction could potentially drain your account. I suggest putting the confirmation box on a secure desktop to prevent this possibility.
|
|
|
|
aq
|
|
August 15, 2011, 12:13:18 AM |
|
If you have a confirmation box then a simple VBScript which launches an URL and calls sendkeys to confirm the transaction could potentially drain your account. I suggest putting the confirmation box on a secure desktop to prevent this possibility.
Sure, instead of just enabling server mode by changing a single line in the config file and using the rpc api (doable right now, and it seems that everyone is ok with this - even no GUI involved, so undetectable by the average user), a hacker would choose the more difficult way of using some link and sendkeys. I mean why even use the link at all, your VBScript can start the bitcoin exe and use sendkeys to open the send dialog to do the same. IMHO that would be an extreme lame excuse for not implementing clickable links. I am sure I could probably write both versions within an hour. And BTW, a VBScript can as easily simulate the link drag-dropping... So to cut a long story short, either put all those send bitcoin dialogs on a secure desktop, or stop using this as an argument against clickable links.
|
|
|
|
|