You are viewing a single comment's thread from:
RE: Steemit's Security Values & How Steem Keychain Can Help
This feature has already been implemented a while ago. You can whitelist a certain operation requested by a certain website. Only transactions using the active key cannot be whitelisted
Active key transaction is exactly what I meant actually. What was the concern not to allow whitelisting transaction that requires actuve permission?
I understand user's fund maybe at stake and that might sounds like posting a risk to the real money. But at least provide an option for those who would like to whitelist that kind of operation? That would really helps the mass adoption of Steem especially in the DAPP like dice game. And that to me is the final form how Keychain should be like. Users get to customize it to their most convenience.
Posted using Partiko Android
A website whitelisted to use active authority by a user could, if falling into wrong hands :
I think the tradeoff between security and convenience is too big here, thats why we only authorize listing for actions requiring posting authority, since they don t have a direct impact on stake.
I agree and they are all valid concerns. But you can still offer user the ability to decide whether they are willing to go for the tradeoff or not. Maybe the whitelisting process can be more hidden in the setting or put up a significant warning sign in the whitelist page for active authority. Option are tons.