Looks great, but one security question. What keys am I required to provide to the tool/service? That would be the biggest factor for me.
You are viewing a single comment's thread from:
Looks great, but one security question. What keys am I required to provide to the tool/service? That would be the biggest factor for me.
We agree that security is very important and we strive to provide most secure way of handling user keys. Our app uses multi-authority permission feature, which modifies account metadata to share posting authority with our account @oneplace.app. Such change requires signing transaction with your private active key. This method is also used by a lot of apps in the Steem ecosystem and all users can check modifications to their authority list on https://steemd.com/@account
Why we chose this method as the most favourable for security:
Of course we realize it still requires trust that's why our application is fully open-source (GitHub) and open for scrutiny and review by other developers. We also plan to implement an option to use SteemConnect, which is already trusted by many users to handle their private keys.
Steemconect is a good solution for this! I think it will increase users on your app. As everyone known , scammers and thieves are everywhere on steemit. I will never trust anyone my private keys and I don’t know any app that requires active private keys either. I trust steemconect and will be back as soon as you start to use it.
Much better to have software that runs on the desktop for managing authority. I have one in development now
Much better to have software that runs on the desktop for managing authority. I have one in development now
Actually if the user could provide his posting key each time and you are only posting, you wouldn't need the active key.