
RE: Proposal To Make Steemit Safer

in #steemit, 7 years ago (edited)

As long as Steemit does not offer an authentication service, third-party server-side solutions which handle keys and/or passwords will definitely be a security problem. Also, determining which service is trustworthy simply is not possible.

I can think of a work-around, however.

Let's say a third-party service shall be able to create posts. This service could just store new posts and flag them as unpublished.

Then you would have to tie this service to a pure frontend solution (for example a mobile app), that is a hundred percent open-source and works as a middleman.

This app should store the required keys on your device only, fetch the unpublished posts from the third-party service and submit them to the blockchain.

If you do it this way, your keys would never be shared.
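
The middleman flow proposed in the comment above, as an added example that is not part of the original thread or of any Steem library: the service only stores unpublished drafts, and the device-side client signs and broadcasts them. Assumptions: Ed25519 from Node's `crypto` stands in for a Steem posting key, an in-memory `Chain` replaces the real broadcast, `DraftService`, `Chain` and `DeviceClient` are hypothetical names, and the `approve` review step is an addition.

```javascript
// Added illustration, not Steem code: Ed25519 stands in for a posting key; all names are hypothetical.
const nodeCrypto = require('node:crypto');
const bytes = (op) => Buffer.from(JSON.stringify(op));
// Third-party service: stores drafts flagged unpublished and never holds a key.
class DraftService {
  constructor() { this.drafts = []; }
  addDraft(author, title, body) {
    this.drafts.push({ id: this.drafts.length + 1, author, title, body, published: false });
  }
  unpublished(author) { return this.drafts.filter((d) => d.author === author && !d.published); }
  markPublished(id) { this.drafts.find((d) => d.id === id).published = true; }
}
// In-memory stand-in for the blockchain: accepts an operation only if its
// signature verifies against the public key registered for the author.
class Chain {
  constructor() { this.accounts = new Map(); this.posts = []; }
  register(author, publicKey) { this.accounts.set(author, publicKey); }
  broadcast(op, signature) {
    const key = this.accounts.get(op.author);
    const ok = Boolean(key) && nodeCrypto.verify(null, bytes(op), key, signature);
    if (ok) this.posts.push(op);
    return ok;
  }
}
// Middleman on the user's device: the private key exists only in this object.
class DeviceClient {
  constructor(author, privateKey) { this.author = author; this.privateKey = privateKey; }
  // approve(draft) is the user's review step: the service is untrusted, so
  // nothing it supplies gets signed without review.
  publishPending(service, chain, approve) {
    const result = { published: [], rejected: [] };
    for (const d of service.unpublished(this.author)) {
      if (!approve(d)) { result.rejected.push(d.id); continue; }
      const op = { author: this.author, title: d.title, body: d.body };
      const sig = nodeCrypto.sign(null, bytes(op), this.privateKey);
      if (chain.broadcast(op, sig)) { service.markPublished(d.id); result.published.push(d.id); }
    }
    return result;
  }
}
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const service = new DraftService(), chain = new Chain();
  chain.register('alice', publicKey);
  service.addDraft('alice', 'Hello', 'Written by alice');       // constructed sample
  service.addDraft('alice', 'Promo', 'Text alice never wrote'); // constructed sample
  const result = new DeviceClient('alice', privateKey)
    .publishPending(service, chain, (d) => d.title === 'Hello');
  // The service cannot publish on its own: a signature made with any other key fails.
  const forged = { author: 'alice', title: 'Promo', body: 'Text alice never wrote' };
  const otherKey = nodeCrypto.generateKeyPairSync('ed25519').privateKey;
  const forgedAccepted = chain.broadcast(forged, nodeCrypto.sign(null, bytes(forged), otherKey));
  return { ...result, forgedAccepted, onChain: chain.posts.length, pending: service.unpublished('alice').length };
}
```

The key never leaves the device, but the client still signs whatever the service hands it, which is why the review step sits in front of the signing call.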


That is a good suggestion, but sadly not viable for all types of apps.
If the app, for example, requires a service worker to work in the background, and broadcast events to the blockchain, the service worker will need the user's key.

In this case, the only option would be a middleman frontend running 24/7, fetching all automatically generated events.

Of course, I see your point, since being online with your smartphone day in, day out or having your workstation at home online all the time cannot be considered a good solution for this type of problem.

I guess, in the case of pure user-triggered actions, the middleman approach would be adequate, since it could be done with a very tiny and straightforward app, which could handle multiple third-party services.

However, for server-side solutions like service workers, we would definitely need an authentication interface on Steemit, or have a lot of trust in the third party :)