Add context for limiting before timestamp

This commit is contained in:
Seth For Privacy 2023-06-09 11:19:23 -04:00 committed by fiatjaf_
parent d435ffc39c
commit 3e03b4b67f

4
26.md
View File

@ -52,7 +52,9 @@ For example, the following condition strings are valid:
- `kind=0&kind=1&created_at>1675721813`
- `kind=1&created_at>1674777689&created_at<1675721813`
For the vast majority of use-cases, it is advisable that query strings should include a `created_at` ***after*** condition reflecting the current time, to prevent the delegatee from publishing historic notes on the delegator's behalf.
For the vast majority of use-cases, it is advisable that:
1. Query strings should include a `created_at` ***after*** condition reflecting the current time, to prevent the delegatee from publishing historic notes on the delegator's behalf.
2. Query strings should include a `created_at` ***before*** condition that is not empty and is not some extremely distant time in the future. If delegations are not limited in time scope, they expose similar security risks to simply using the root key for authentication.
#### Example