You are viewing a single comment's thread from:

RE: New feature: detection of malicious code in blocks [XSS, SQL INJECTION, CSRF]

in HiveDevs4 years ago (edited)

@tngflx No, I'm not sure if anyone ever compromised a site/app in that way but I've seen people testing those attributes too, yes.
Eg. See louis88 (dev, good guy) testing various fields (in several frontends) including communities names and tags: hive.blog/@louis.random

And bear in mind that this bot scans every single type of operation published into Hive, not only the json metadata of posts and comments. I check for leaked keys and potential malicious code in: comment, transfer, custom_json, vote, account_create, account_witness_vote, .. you name it.

When I did find an active key in an account_update operation it taught me that some human errors will surprise you.

The highest values of saved accounts that leaked their ACTIVE keys so far are: $ ~28,000, $8,000, $1,000.   :)