Comments (8)
Step 1 is a permissions prompt. Step 2 is hosting app code on signed hash logs, for versioning and integrity checks. Step 3 is software certificates by auditors, possibly a web-of-trust system
On Jun 6, 2016, at 4:15 PM, wanderer [email protected] wrote:
currently the way several decentralized systems (ethereum, ipfs) work with browser is to expose an RPC that is running locally. The problem with this a currently implemented is that any page could access those RPCs and do malicious things (ex. a page could access ipfs's rpc and pin some child porn).
I don't know the best way to secure this. But it would be nice to have some way to selectively expose RPCs to the pages.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
from beaker.
how would step 1) work? Lets say we just want to drop in IPFS. It doesn't have any built mechanism to selectivily expose it's RPC to pages. So we have to have some sort of container around IPFS (or any other locally running http based RPC) that can control what is exposed and do things like permissions promets, i think...
from beaker.
Yeah we might do it that way. I dont think it'll be difficult.
from beaker.
Have you looked into Capn'Proto for rpc?
from beaker.
how could Capn'Proto be used for existing RPCs?
from beaker.
I haven't investigated it deep enough yet to be able to answer that, simply
wanted to point it out of you hadn't seen it yet.
On Wednesday, June 15, 2016, wanderer [email protected] wrote:
how could Capn'Proto be used for existing RPCs?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#1 (comment), or mute
the thread
https://github.com/notifications/unsubscribe/AAK8ok2vQJIox82vuDEfARMCMrhzXVvsks5qMDUzgaJpZM4IvaIM
.
from beaker.
Permissioning could be achieved by creating a whitelist of domains that have access to various sandboxed protocol apis. We could display an interface similar to existing ad blocker browser extensions when a page tries to access protocols outside its previous permission state. I imagine some kind of alert box that has the option to allow specific protocols on a per page, or per domain basis. Permissions could also be set before page load based on arbitrary out of band authentication schemes.
from beaker.
@5paceManSpiff that's what I'm thinking
from beaker.
Related Issues (20)
- [Question] JS: how to prompt self-cloning a site?
- FATAL:electron_main_delegate.cc(253)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.
- [6059:0925/061055.321176:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /home/BEAKER/beaker/scripts/node_modules/electron/dist/chrome-sandbox is owned by root and has mode 4755.
- Can't start Beaker on MacOS 11.6 HOT 3
- Watchlist eyeball icon pops up next to the menu button, but when I click it I go to `beaker://watchlist` which produces "This site can't be reached"
- When trying to open browser immediately after installtion Java.Script Error
- Error: Can't walk dependency graph: Cannot find module '@beaker/dat-serve-resolve-path' f HOT 2
- Consider dat support in brave browser, reconsider ipfs in beaker
- implementation 'com.google.firebase:firebase-analytics:17.4.1'
- implementation 'com.google.firebase:firebase-analytics:17.4.1'
- Javascript error immediately after installation HOT 1
- Web browser extensions
- No more development? HOT 7
- No space between words in interface
- Beaker Installation Issues
- What about adding Aggregore features into Beaker Browser?
- Beaker Browser with Solid
- no IDN?
- PR: Prepare for alignment with upstream code-oss web-modules HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from beaker.