public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Pieter Wuille <pieter.wuille@gmail.com>
To: Andreas Schildbach <andreas@schildbach.de>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] HTTP REST API for bitcoind
Date: Tue, 23 Jul 2013 12:36:46 +0200	[thread overview]
Message-ID: <CAPg+sBj8Nt5eQmnyiD6vaFP1970hj5Z5JxEocw3BHEwO_Lbhkg@mail.gmail.com> (raw)
In-Reply-To: <ksllu7$9i$1@ger.gmane.org>

On Tue, Jul 23, 2013 at 12:29 PM, Andreas Schildbach
<andreas@schildbach.de> wrote:
> Yes, I understand that. For this reason, I would vote for adding the
> usual HTTP authentication/SSL stuff to the REST API. That way, SPV users
> can decide to run their own instance of the API (providing the needed
> resources themselves).
>
> Or, a trusted party can set up a server. For example, I would be willing
> to set it up for users of Bitcoin Wallet. I don't expect shitloads of
> paper wallets sweeps for the forseeable future.

I don't object to using a trusted server for this if people want that,
but I don't think the reference client should encourage this.

Apart from that, exposing this HTTP-based interface publicly has its
own problems, like security risks and potential DoS risks. If
anything, we should be reducing the attack surface rather than
increase it. IMHO, the only thing that should be exposed in the P2P
protocol, which is inevitable, and already has some DoS protections.

I like this HTTP interface, but it should really only be used for
trusted local applications and debugging.

-- 
Pieter



  reply	other threads:[~2013-07-23 10:36 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-07-22 19:42 [Bitcoin-development] HTTP REST API for bitcoind Jeff Garzik
2013-07-22 22:06 ` Michael Hendricks
2013-07-23  8:27 ` Andreas Schildbach
2013-07-23  8:45   ` Michael Gronager
2013-07-23  9:37   ` Pieter Wuille
2013-07-23  9:53     ` Michael Gronager
2013-07-23 10:17     ` Andreas Schildbach
2013-07-23 10:27       ` Pieter Wuille
2013-07-23  9:30 ` Andy Parkins
2013-07-23  9:42   ` Pieter Wuille
2013-07-23  9:52     ` Andy Parkins
2013-07-23  9:56       ` Pieter Wuille
2013-07-23 10:02         ` Andy Parkins
2013-07-23 10:06           ` Pieter Wuille
2013-07-23  9:47   ` Peter Todd
2013-07-23 10:00     ` Andy Parkins
2013-07-23 10:17       ` Peter Todd
2013-07-23 11:45         ` Andy Parkins
2013-07-23 10:19       ` Pieter Wuille
2013-07-23 10:29     ` Andreas Schildbach
2013-07-23 10:36       ` Pieter Wuille [this message]
2013-07-23 15:48         ` Michael Hendricks
2013-07-23 19:36       ` Mark Friedenbach
2013-08-10 20:30         ` Rune Kjær Svendsen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAPg+sBj8Nt5eQmnyiD6vaFP1970hj5Z5JxEocw3BHEwO_Lbhkg@mail.gmail.com \
    --to=pieter.wuille@gmail.com \
    --cc=andreas@schildbach.de \
    --cc=bitcoin-development@lists.sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox