Solution to storing the posting key...
I've thought of a solution to having to store the posting key.
- On the server, create a private-public key pair.
- On the login form, send the browser the public key.
- The browser then uses javascript to encrypt the posting key using the public key.
- The server then stores the encrypted posting key in the session.
- Any time the server needs the actual posting key, it uses the private key to temporarilly decrypt it, but doesn't store it.
- When session ends the encrypted posting key is lost, forcing user to login again to use the forum.
This can be further security improved by changing the public-private key pair at periodic intervals. Or using a different pair for each client IP address or a combination of such methods.
A non javascript version would require the unencrypted posting key to be sent once, upon login and encrypted by the server and entered into the session. (I say unencrypted, it would still be protected by https).
That would unfortunately require the entire operations library to run on the server as opposed to in your browser, wouldn't it?
Right now all operations are performed by your browser, and never actually sent to any of my servers, instead being broadcast directly to the blockchain itself.
Okay, here is a reversed solution...
I should probably add that in this case public key cryptography is probably redundant and a single key method could effectively be substituted.
Okay. I missed the word local in the warning message. Oops. I probably wouldn't have logged in on a work laptop if I'd realised.
Congratulations @antonchanning! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Award for the number of comments received
Click on any badge to view your own Board of Honnor on SteemitBoard.
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOP
By upvoting this notification, you can help all Steemit users. Learn how here!
Thank you very much for the advice. A very pleasant day
I follow u, follow me back if u want lot of fun and amazing picture every day.