[Steem Secure Login] Login System Implemented

in #utopian-io7 years ago (edited)

Steem Secure Login - The safest way to interact with steem blockchain through thirdparties.

With this system utopian.io couldn't be attacked.

Steem Secure Login

Languages

  • JS, ES6

What exactly has been done

Fully working login popup with nice design had been created. Login system base implementation had been created. System logs us only on the pages we choose other pages doesn't get access to transactions signing interface.
We get fully working programming interface to interact with steem blockchain which knows nothing about private keys which are stored deep inside extension where webpage doesn't have access. Check-mate hackers :)

How to install it 


 1. npm install
 
 2. npm run build
 
 3. Now choose browser and procceed with online guidelines to: "temporarily install an extension for testing and debugging"
 In build folder you will find created by previous command corresponding extensions code.

How to use it now, check how it works

1. Login through the popup into extension.

2. Open developer console (in chrome F12)

3. Type for example this line of code:

SteemSecure.broadcast.transfer("bartosz546", "1.000 STEEM", "", function(err,res){console.log(err,res)});

This line will send 1 STEEM to bartosz546, transaction signing proccess will take place deep into the extension.
Browser does not have access to it.



Posted on Utopian.io - Rewarding Open Source Contributors

Sort:  

This idea looks very promising! I keep fingers crossed for Your project :)

With this system utopian.io couldn't be attacked

Utopian used users keys to offline access in order to modify articles structure on behalf of author. This is not possible using Your browser extension.

Yes you are right. I think no one should have ever access to your account. In my opinion utopian shouldn't have possibility to make these changes. If they need some additional informations for interior proccessing these informations could be added for example in the comment.

@mys if you want to know more how my solution works I released youtube tutorial:


It is also mentioned in next pull request and in project documentation.

Hey @bartosz546
Thanks for contributing on Utopian.
We're already looking forward to your next contribution!

Contributing on Utopian
Learn how to contribute on our website or by watching this tutorial on Youtube.

Want to chat? Join us on Discord https://discord.gg/h52nFrV.

Vote for Utopian Witness!

Thank you for your contribution. The only thing is that you do not need active key always and for Utopian, it has to gain access from you to post on your behalf and I do not feel this could have been solved by just a browser extension.


Need help? Write a ticket on https://support.utopian.io.

Chat with us on Discord.
[utopian-moderator]

Hey :)
It would be resolved. In future updates the login popup will have similar checkboxes as in steemconnect and you will chose which privalages you want to give to the page. Whats more extension will warn you if some suspecious operations will try to have place (for axample transfer a lot of steem) and you will have then to confirm operation :)