
RE: Utopian.io Hack - May 3rd - May 4th 2018. No Wallets Or Keys Compromised.

in #utopian-io · 7 years ago (edited)

@heimindanger we had a review system in place, where users could make a poll to verify the quality of the post and the final score was stored in the blockchain for the original post, along with other similar functionalities. You can't just request user consent on every single operation that makes the site functional.


Arguably I have much less need for this type of 'server side' feature. A good example for DTube is the feature to schedule when your video gets published, I've received that one a lot.

Still I believe this ability from SteemConnect to create arbitrary tokens in the name of your users, and giving the power to these tokens to vote or comment or whatever, to be a security issue for the whole network.

So basically you edit the post and put some extra data in it, and for that you need access to the original poster account. You could do that without the user account by using a custom_json operation or inside of a json_metadata of a comment of the post (and using the @utopian-io acc).

Working with compromises is always hard. Any established social media platform has a solid OAuth system in place and we should focus on how we could implement the most secure and customisable tool, while not hurting the user experience. I believe there is room for improvement on that. Hacks happen everywhere and at any level; it is always a question of how you could minimize the consequences. Obviously we were not ready for this.

I think everyone will agree that in all systems we can find some problems which we can use for ourselves. Hackers are trying to find problems in systems, and to make a 100% secure system is, I think, impossible.