
Comments (7)

theoreticalbts commented on August 22, 2024

I thought the only supported configurations were:

  • Connecting a native wallet such as cli_wallet to a trusted full node running on localhost or through a secure network path
  • Using a hosted wallet

If you use the first approach, you trust the full node because you control it. If you use the second approach, you trust the hosted wallet provider not to send you JS which steals your private keys. Taking away the provider's ability to lie to you about the chain state doesn't take away their ability to steal your funds if malicious / hacked. Neither of the use cases we plan to initially support is affected by this attack vector.

from graphene.

jcalfee commented on August 22, 2024

account_create and account_update owner, active
If that is set up wrong, there could be big trouble in the near or distant future...

Search generated serializer_operation_types for "to_account" to find more...
https://github.com/cryptonomex/graphene-ui/blob/master/dl/src/chain/serializer_operation_types.coffee

The encrypted memo could be protected by having a to name and the blockchain address used to create the shared secret. A witness would have to ensure that they match. In this case I believe the transaction should be prevented from providing a to key_id.

The account's memo_key is vulnerable too; that one looks a bit complicated.

I was just thinking about support for named assets and accounts everywhere ... but that was too much in the way of code changes. Great idea, to narrow it down like this...


vikramrajkumar commented on August 22, 2024

https://bitsharestalk.org/index.php/topic,16829.msg215313.html#msg215313


jcalfee commented on August 22, 2024

How about "send to name" for transfer only. However, the CLI and GUI can give the option to append check digits and account ID onto the name... https://bitsharestalk.org/index.php/topic,16829.msg216606.html#msg216606


pch957 commented on August 22, 2024

Yes, a web wallet is convenient, but its security is poor.
Once the JS file has been replaced, all users' private keys will be stolen.
This is the only way I can think of to enhance security:
place the web server in a private network and keep the SSL certificate file safe.

And we should have another choice to get a more secure light wallet.
We need a desktop application, mobile app ....


svk31 commented on August 22, 2024

A Chrome extension would be cool as well


theoreticalbts commented on August 22, 2024

We have an assert op, I will document how to do this.

