RE: [Tutorial] How to add Steemit login to your site with SteemConnect

in #tutorial 9 years ago (edited)

SteemConnect doesn't store your password

That's not true.

Good tutorial. But I think we need to highlight the risks of using a login-related service.

Security and flow
On Log In
You fill in your password or posting wif on the Steem Connect login form.
If you filled in a password, it's converted to a posting wif on the browser side.
The posting wif is encrypted with the csrf token in the browser.
A request is sent to the server with the encrypted posting wif.
The server decrypts the posting wif, then encrypts it with a server secret salt and creates a cookie which is saved in the user's browser.

I thought that meant it's not saving the password directly? I will gladly correct the post. Please elaborate. Thank you.

I was wrong. My bad.

Sorry, but you are mistaken, that's true. SteemConnect never stores your posting WIF. It stays in your cookie, encrypted. Here is some information about our flow: https://steemit.com/steemconnect/@busy.org/steemconnect-beta-release-note

I was wrong. My bad.
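
The last step of the login flow quoted in this thread, as an added example that is not part of the thread and not SteemConnect's code: the server writes nothing to storage, yet it handles the posting WIF in plaintext at login and again when it decrypts the cookie. AES-256-GCM, the SHA-256 key derivation, the hex cookie layout, the function names and the sample values are all assumptions, since the thread names no algorithm.

```javascript
// Added illustration; not SteemConnect's code. Cipher, key derivation and
// cookie layout are assumptions: the thread names none of them.
const crypto = require('node:crypto');

// Constructed sample values, not real keys.
const SAMPLE_WIF = '5J-constructed-example-posting-wif';
const SERVER_SECRET = 'constructed-server-secret';

// Derive a 32-byte AES key from the server-side secret (assumed scheme).
function deriveKey(serverSecret) {
  return crypto.createHash('sha256').update(serverSecret).digest();
}

// Login step: encrypt the posting WIF and return the cookie value.
// Nothing is written server-side; the ciphertext lives only in the cookie.
function sealWif(postingWif, serverSecret) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(serverSecret), iv);
  const ct = Buffer.concat([cipher.update(postingWif, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('hex');
}

// Later request: the server recovers the plaintext WIF from the cookie.
// Returns null if the cookie was altered or sealed under another secret.
function openCookie(cookieValue, serverSecret) {
  const raw = Buffer.from(cookieValue, 'hex');
  if (raw.length < 28) return null; // 12-byte IV + 16-byte tag minimum
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', deriveKey(serverSecret), raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()])
      .toString('utf8');
  } catch {
    return null; // authentication tag mismatch
  }
}

// Flip one bit of the ciphertext to simulate a modified cookie.
function tamper(cookieValue) {
  const raw = Buffer.from(cookieValue, 'hex');
  raw[raw.length - 1] ^= 0x01;
  return raw.toString('hex');
}
```

Under these assumptions the confidentiality of every user's cookie rests on the single server secret, so that secret and the cookie's `Secure` and `HttpOnly` flags are the things to review.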