On 03/07/2015 11:50 AM, Krzysztof Jurewicz wrote:
*snip*

> What are your thoughts about that? Are there any security considerations
> preventing the whitelist solution? Or maybe a more general one should be
> worked out?


I do not allow bitcoin: on my servers, nor anything except for http, https, or ftp.

The reason is that I have no way of knowing what third party applications might have vulnerabilities (including social engineering) that could be exploited by a specially crafted URI string being fed to them.

I don't even allow mailto:

I'm a big supporter of bitcoin, but especially for a financial application where it can't be undone once confirmed in the blockchain, I just personally think it is too dangerous to even allow bitcoin: URIs on a web page.

I prefer the user launch the third party application and enter whatever parameters they want to enter into the client than a link that does things for them, including possibly some things they don't necessarily understand are happening.

Especially crypto-currencies where even on Linux systems, the client is often not under a package management system control and may be out of date.

QR codes pose the same problem but it is more difficult to trick a user into scanning a QR code, so it is harder to get the user's client to launch via a trick.
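
The scheme allowlist described in the message above (http, https and ftp only), as an added Python example that is not code from this thread or from any project it discusses. The function names and sample links are constructed for illustration, and relative links are assumed acceptable because they resolve against the page's own URL.

```python
import re

# Allowlist from the message above: only these schemes may appear in links.
ALLOWED_SCHEMES = frozenset({"http", "https", "ftp"})

# Browsers (WHATWG URL parsing) strip leading/trailing C0 controls and spaces
# and drop tab/CR/LF anywhere in the string, so the filter must do the same
# before reading the scheme or it will disagree with what the browser opens.
_EDGE_CHARS = "".join(chr(c) for c in range(0x21))  # U+0000 .. U+0020
_TAB_NEWLINE = re.compile(r"[\t\r\n]")
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


def link_scheme(href):
    """Return the lowercased scheme a browser would see, or None if relative."""
    cleaned = _TAB_NEWLINE.sub("", href.strip(_EDGE_CHARS))
    match = _SCHEME.match(cleaned)
    return match.group(1).lower() if match else None


def is_allowed_link(href):
    """True for relative links and for links whose scheme is on the allowlist."""
    scheme = link_scheme(href)
    # Assumption: a link with no scheme is relative and inherits the page's scheme.
    return scheme is None or scheme in ALLOWED_SCHEMES


def rejected_links(hrefs):
    """Return (href, scheme) pairs for every link the allowlist refuses."""
    return [(h, link_scheme(h)) for h in hrefs if not is_allowed_link(h)]


if __name__ == "__main__":
    # Constructed sample links; EXAMPLEADDRESS is a placeholder, not a real address.
    samples = [
        "https://example.org/donate",
        "ftp://ftp.example.org/file.txt",
        "/donate",
        "page?next=bitcoin:x",
        "bitcoin:EXAMPLEADDRESS?amount=0.1",
        " \tBitCoin:EXAMPLEADDRESS",
        "bit\ncoin:EXAMPLEADDRESS",
        "mailto:user@example.org",
    ]
    for href, scheme in rejected_links(samples):
        print(f"rejected {href!r} (scheme {scheme})")
```
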
