You are viewing a single comment's thread from:

RE: 20 SOLID REASONS TO STEEM on STEEMPEAK.COM

in #steempeak6 years ago

So SteemConnect has facility to use the posting key login ? Because In most of the apps, when it redirects to SteemConnect , it asks for the active key. Can you explain where it would need the active vs Posting key ? And is it on the app to decide that ?

Sort:  

Yes, the app decides which authorities to request from the user. It's totally possible to only allow the posting authority, or even LESS than that with SteemConnect!

The bad thing with SteemConnect, is that any app developer can use the authorities of users who logged in on their app. For example, I totally can upvote as all the people who logged in on DTube with SteemConnect. I will not do it, but I could.

Sometimes back I had raised this with dmania, and I was told, it was not possible, I wonder, why all the apps are not using this. And may be it could be restricted from SteemConnect as well, to force to use a posting key for apps.

Do you encrypt the stored key?

No. If we did we'd have to ask you for your decryption key on each new session or transaction. SteemIt doesn't encrypt it either.

As long as your computer is safe and everything is done client-side, what would be the purpose of encrypting it? Don't you keep your posting key unencrypted in your pc already?