On 03/07/2015 11:50 AM, Krzysztof Jurewicz wrote:
*snip*
What are your thoughts about that? Are there any security considerations
preventing the whitelist solution? Or maybe a more general one should be
worked out?
I do not allow bitcoin: on my servers, nor anything except for http,
https, or ftp.
The reason is because I have no way of knowing what third party
applications might have vulnerabilities (including social engineering)
that could be exploited by a specially crafted URI string being fed to them.
I don't even allow mailto:
I'm a big supporter of bitcoin but especially for a financial
application where it can't be undone once confirmed in the blockchain, I
just personally think it is too dangerous to even allow bitcoin: URIs on
a web page.
I prefer the user launch the third party application and enter whatever
parameters they want to enter into the client than a link that does
things for them, including possibly some things they don't necessarily
understand is happening.
Especially crypto-currencies where even on Linux systems, the client is
often not under a package management system control and may be out of date.
QR codes pose the same problem but it is more difficult to trick a user
into scanning a QR code, so it is harder to get the user's client to
launch via a trick.
