diff options
Diffstat (limited to 'core/api-sync.rst')
-rw-r--r-- | core/api-sync.rst | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/core/api-sync.rst b/core/api-sync.rst index 0b692b2d..2add73ef 100644 --- a/core/api-sync.rst +++ b/core/api-sync.rst @@ -374,11 +374,11 @@ Synchronization user experience The menu should include three entries for synchronization: * "synchronize" to manually trigger synchronization, - insensitive if no synchronization provider is available + insensitive if no synchronization provider is available * "export backup configuration" to re-display (and possibly - print) the synchronization and backup parameters (URL and - private key), insensitive if no synchronization - provider is available, and + print) the synchronization and backup parameters (URL and + private key), insensitive if no synchronization + provider is available, and * "import backup configuration" to: * import another devices' synchronization options @@ -397,10 +397,10 @@ private key. It is likely better to map private keys to trustwords (PEP-style). Also, when putting private keys into a QR code, there is the danger of the QR code being scanned and interpreted as a "public" URL. Thus, the QR code should use the schema -"taler-sync://$SYNC-DOMAIN/$SYNC-PATH#private-key" where -"$SYNC-DOMAIN" is the domainname of the synchronization service and -$SYNC-PATH the (usually empty) path. By putting the private key after -"#", we may succeed in disclosing the value even to eager Web-ish +``taler://sync/$SYNC-DOMAIN/$SYNC-PATH#private-key`` where +``$SYNC-DOMAIN`` is the domainname of the synchronization service and +``$SYNC-PATH`` the (usually empty) path. By putting the private key after +``#``, we may succeed in disclosing the value even to eager Web-ish interpreters of URLs. Note that the actual synchronization service must use the HTTPS protocol, which means we can leave out this prefix. |