Author

Topic: Powerful + dangerous API suggestion: JSONP (Read 1117 times)

sr. member
Activity: 280
Merit: 252
June 16, 2011, 04:24:09 AM
#3
I don't think we should add anything that reduces security of the bitcoin client right now  :p These kind of things can be implemented as a layer above Bitcoin, no need to build it into the client.


Agreed.

In fact, change "right now" to "ever" and that's how I would put it.
hero member
Activity: 812
Merit: 1022
No Maps for These Territories
I don't think we should add anything that reduces security of the bitcoin client right now  :p These kind of things can be implemented as a layer above Bitcoin, no need to build it into the client.
newbie
Activity: 59
Merit: 0
If the client allowed 'JSONP' wrapping of its JSON responses, cool alternate web-based interfaces would be possible.

See for info of JSONP..

http://en.wikipedia.org/wiki/JSONP

The danger is this could risk websites accessing bitcoin client via the local browser with references to URLs like "http://USER:PASS@localhost:8332/?jsonrpc=ETC&jsonp=parseResponse".

So this would definitely be a expert option, perhaps requiring an extra-strong user:pass, or an extra access token that might only offer read-only access. Or, any attempts to trigger sensitive operations via this interface would require extra second-channel confirmation.

Similarly if blockexplorer.com offered JSONP access and could handle the traffic lots of web-based exploration UIs on other sites would be possible without those other sites having their own client/blockchain-library.
Jump to: