You are viewing a single comment's thread from:
RE: REMINDER: STEEMIT Scripts available to "Hide/Show ReSTEEMS", enable your "Post Vote Slider", and to "Vote Past Payout"!
my scripts don't need access to any private keys, because they hook into STEEMIT's post voting methods.
HOWEVER, any script that runs inside the STEEMIT.com browser "sandbox" can potentially access any of the same private keys that STEEMIT can.
Why should they run inside that sandbox?
how else would they modify the GUI, even if only to add a single button such as "hide resteems" along with the javascript code to hide/show resteemed elements?
Well as I'd imagine sending everything that has to be signed in a message to a private memory space you'd do the same for objects which need to modified. I'd believe you if you'd say that it wouldn't be very efficient and practical but from a security standpoint. If we'd be talking about private keys to big funds then I would let my private keys live in an encrypted vault like
KeyChainon MacOS and just send messages to be signed through the sandbox back and forth. But in any case thanks for explaining, I should probably write up a post about it and research this topic. It's been years I've looked at these problems so...But indeed now I realize that you'd have to authorize everything by hand if you were to send messages anyway which would make the whole thing unpractical.
👏👏👏
Yeah man thanks for having patience with me I really appreciate it. You know I always wanted to find out things for myself and I like to dream and imagine :-)