The resource loading... loading...

How secure is it to retrieve an address as an external parameter?

Author: The bride too., Created: 2017-07-21 21:30:57, Updated: 2019-07-31 18:28:48

I use the Inventor Quantification platform to extract virtual coins from the exchange, and for convenience, I will extract the address as an external parameter, outside the program.

img

I am not afraid that someone will change the address of my withdrawal from ok withdrawal, because if someone stealthily changes my address, the withdrawal will fail if it is not the withdrawal address of ok certified.

However, exchanges such as polonix and btc-e do not require authentication of the withdrawal address, and if someone secretly changes the external parameter of the withdrawal address of my program, my coins are lost.

While no one else can see my code, how many of the administrators who have a platform can see my token address and modify the token address?

I'm curious, how safe is it?


More

ZeroThis information belongs to sensitive information, can be used as encryption control type parameters, the system will be saved, using your password as a secret key seed to encrypt, anyone including the platform also can not see the actual saved content, because the encryption is all done in the browser, the server only save the encrypted information, security verification is not every time pop up, generally only pop up once, if you do not refresh the current page, if you enter a password, the next time refresh or reopen, you do not need to enter again.

Inventors quantify - small dreamsThe security mechanisms were considered early on ^^

Inventors quantify - small dreamsIn the interface parameters, enter a secret key that BotVS will recognize, and the controls will use encrypted strings, not strings, to detect if the sensitive data browser end is encrypted, for example: This is a list of all the different ways Dn-filebox.qbox.me/89bb7724940a89ce5db08b38def691e9d99d6b0a.png is credited in the database. If you don't have a BotVS password, no one can change it.

The bride too.I'm not renting your strategy, but I'm guessing that the poloniex's withdrawal address (i.e. chbtc's charging address) must be used as an interface parameter. If the tenant's botvs account is stolen and the modified parameter is not verified, the coin is definitely lost.

The bride too.Boss, you and Little Dream are talking about finding a way to keep my parameters from being seen. In fact, in many cases, I am not afraid of others seeing my parameters, but I am afraid that after the account is stolen, someone will change my parameters.

The bride too.Boss, if this parameter is an api key, we need to prevent others from stealing it. However, the younger brother now this parameter is a forwarding address, oh, actually not afraid of others to steal, but afraid of others to modify, he wrote his address, I am not tragic. Both are not the same.

Inventors quantify - small dreamsIt should be detected sensitive information will pop up, I'm the one who is detected API KEY will pop up, do not do other settings, automatically.

The bride too.This type of controller is just saying that no one else can see it.

The bride too.Thanks for the reply, botvs, I love you to death.