For the authentication at dShot, finally, I have decided to use SteemConnect instead of asking private posting key of users.
Steemconnect is a centralized tool on the top of a decentralized chain. I have mixed feelings about it, however, with the current state it looks like the best solution for 3rd party app developers.
.
Asking private posting key may be a viable solution if you do everything on client side. (Broadcast directly to the api.steemit.com at frontend with JS.)
See this about steemconnect.
.
benefits for me:
if the website you use is compromised, you need to change your keys. With steemconnect you just remove an authorization. I am still reviewing the whole security model, but I am a little bit convinced.
Şifremi değiştirdiğim anda bütün Keyler değiştiği için, keyle işlem yapılan uygulamaları kullanırken gönlüm daha rahat oluyor.
Bence yerinde karar olmuş.
Ayrıca dShot için de şimdiden meraklandım ;)
/cc @omersurer
[Bu cc yöntemi de güzelmiş ;)]
Can you explain in more detail why you have mixed feelings about Steemconnect? I have not used it before, so I am clueless regarding this topic.
Imagine you have a platform using SC for authentication. If SC goes down, that means you're also down along with all platforms using it. That happened a couple of times and disrupted services of Utopian in the past.
I see, makes sense.
For someone who trusted SC before the barrier to entry might be much lower. If the site's creator is not well known in the Steemit community, I will not give away my posting key. Lack of trust might not be an issue for your site's though.
I share the same mixed feelings. I don't think it's worth it to use it if the permission needed aren't higher than a posting key. I mean you're not gonna be able to do a lot of harm with a posting key, if you get an active key though...
So yeah steemconnect only if necessary.
Thanks for sharing the informations
Stop posting spam or you will get flagged.