< Is gemini a read-only protocol?

Parent

~lufte

I agree that I should be able to use midnight.pub with all features from gemini. My concern was with CSRF (Cross-Site Request Forgery), not encoding. In the web this is a solved problem by using hidden form inputs, but we have no such thing in gemini. Although you could do it by generating dynamic URLs with a random code that gets verified by the server... I would need to think about it :D

Also, beware that SENSITIVE INPUT is only a cosmetic feature: your input still travels in the URL. The only distinction is that clients should not print on the screen the input as you type it, to prevent "shoulder surfers".

Write a reply

Replies

~dsp wrote (thread):

Ohhhh I see. I haven't dug in to all the details yet, in that case yeah not sure how to login other than maybe a 6 digit one time password somehow? and that gets messy. I hope to implement a client in a month or two once I finish a few things and so I'll need to learn at least the basics.

Maybe a signature for the text based on a public key setup previously over a browser? That does sound close to another protocol though so maybe it's right that it shouldn't be in gemini at all?

Now I'm even more ambivalent than I was! ahaha. I'm going to have to think about it.

cheers