You are viewing a single comment's thread from:
RE: A new start for SteemConnect
DTube store keys in localStorage, if someone hack DTube server he can modify the code to retreive users keys. When Utopian was hacked, the hacker only got some expirable token, users keys never been exposed.
And btw no it’s not local storage it’s indexedDB
A posting key can be reset at any time with the master.
DTube never got hacked this way, because my github account is way more secure than all servers setup by apps using auth of users
Many sites are using offline tokens, if they get hacked, the users are screwed equally like putting the private key directly into. But the hacker doesn't even need to get it from the localStorage but take it directly from the database of the server. And its not really easy to prevent phishing here either.
Why not making a solution like steem keychain for all browsers? =)
Yeah did everyone forget utopian-io and the compromised keys via steemconnect? I guess so. Amnesia?