💾 Archived View for midnight.pub › replies › 3869 captured on 2022-07-16 at 15:50:30. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2022-04-28)
-=-=-=-=-=-=-
< Is gemini a read-only protocol?
I agree that I should be able to use midnight.pub with all features from gemini. My concern was with CSRF (Cross-Site Request Forgery), not encoding. In the web this is a solved problem by using hidden form inputs, but we have no such thing in gemini. Although you could do it by generating dynamic URLs with a random code that gets verified by the server... I would need to think about it :D
Also, beware that SENSITIVE INPUT is only a cosmetic feature: your input still travels in the URL. The only distinction is that clients should not print on the screen the input as you type it, to prevent "shoulder surfers".
Ohhhh I see. I haven't dug in to all the details yet, in that case yeah not sure how to login other than maybe a 6 digit one time password somehow? and that gets messy. I hope to implement a client in a month or two once I finish a few things and so I'll need to learn at least the basics.
Maybe a signature for the text based on a public key setup previously over a browser? That does sound close to another protocol though so maybe it's right that it shouldn't be in gemini at all?
Now I'm even more ambivalent than I was! ahaha. I'm going to have to think about it.
cheers