On Tue, Jul 23, 2013 at 12:29 PM, Andreas Schildbach <andr...@schildbach.de> wrote: > Yes, I understand that. For this reason, I would vote for adding the > usual HTTP authentication/SSL stuff to the REST API. That way, SPV users > can decide to run their own instance of the API (providing the needed > resources themselves). > > Or, a trusted party can set up a server. For example, I would be willing > to set it up for users of Bitcoin Wallet. I don't expect shitloads of > paper wallets sweeps for the forseeable future.
I don't object to using a trusted server for this if people want that, but I don't think the reference client should encourage this. Apart from that, exposing this HTTP-based interface publicly has its own problems, like security risks and potential DoS risks. If anything, we should be reducing the attack surface rather than increase it. IMHO, the only thing that should be exposed in the P2P protocol, which is inevitable, and already has some DoS protections. I like this HTTP interface, but it should really only be used for trusted local applications and debugging. -- Pieter ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
