You are viewing a single comment's thread from:

RE: [Steem Secure Login] New Logo And All Methods done (27 Api Methods and 50 Broadcasts and 4 Fromatters) Added And Documented

Ok so now I'll comment as a SteemConnect dev :)

Steem Secure aspire to be an alternative for Steem Connect, which has got security holes.

First you can't say that without providing any kind of prood or code analysis. But if you got some thing concrete, please, by all means, tell us about it. We'll be more than happy to fix it.

The utopian 'hack' was really unfortunate but the issue was with their servers and had nothing to do with SteemConnect. And I would even not call it a hack. When you have the keys to the house you can't consider this breaking in.

imagine what would happen if steem connect token would give utopian rights to transfer funds.

Here again that is the proof that you don't understand what is done by SteemConnect. Like I said in some of my posts:
SteemConnect has authority on apps created on the website. Those apps don't hold the keys to the account. Even app owners (they are more app creators) don't have those keys. So no money can (well shouldn't) move from or to those accounts.
When a user authorizes an app on his account it means that the app is added in the posting auths.
Check my profile on https://steemd.com/@gregory.latinier you will see that apps are added only in the posting field
image.png

So no transfers what so ever can occur using SteemConnect related apps. I've repeated it many times !

Lastly your solution requires an action from the user but how do you solve problems where a vote, a post, a comment must be wrote from the server side of an app for an automated task.

So please be careful when you're making assumptions about other projects and be sure of what you're talking about.

Nevertheless it nice to see developers making an effort on the Steem ecosystem!
Keep working on that.

Sort:  

I think, I understand your solution. I think there are security holes which you won't cover and by that I mean, thirdparties poor security. SteemConnect always trust thirdparties, my solution does not. With your system even after adding IP verification there is always possibility hackers will brake on thirdparty server and send some transactions with usage of stemconnect token.

I think it could be devastating for trustment to any thirdparty.

Your solution does not provide live transactions options (and because of its nature its good), my solution can provide it.

My solution assums very limited or even no trustment for thirdparty webpages, you never know how poorly they could be done.

I understand disadvantages of my solution, neccesity of installation, not ful cover of mobile browsers and no possibility of server side processes (like automated voting), however if you want give someone your private posting key, go ahead and do it there is no need for steemconnect I don't see a big threat in that. I gave my posting key long time ago to
steemvoter.com

I treat security in blockchain technology very serious and I think when more thirdparties will occur and more upvotes would be stolen, people may really stop trust your solution, although the thirdparties will be responsible.

What you think about my opinion and concerns?