RE: Steemconnect sessions should expire when a password is changed
Hello, @blockchainstudio. Thank you for being a consistent contributor to the suggestions category. We appreciate all of your efforts made to improve open source projects with reasonable ideas. That's said, I like the idea of having the login session expire once a user password has changed at least for security purposes. This is indeed a simple idea yet very important. While funds cannot be stolen from the current behavior of SC, a possible attacker still has the advantage of burning your VP/Manner.
The reason you might not have gotten any response from the PO or the project development team yet on the issue you created on the project repository could possibly be because they are working on a new version of SC (version 3) with a unique login feature which could possibly cover this idea you have suggested.
I'd recommend you to go through the project update on this post and base your subsequent suggestions towards them. Suggesting features focused on version 2 may be considered not valuable to the project since they already have decided to focus on implementing or developing a new/better version of the application.
Again, thank you for using Utopian and I'm looking forward to seeing more detailed and thoughtful idea contribution from you.
Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.
To view those questions and the relevant answers related to your post, click here.
Need help? Chat with us on Discord.
Hi @knowledges, Thank you for your time but i somewhat disagree with what you wrote in several points and would like to make some suggestions for you too.
Suggestions should be evaluated by your assumption on future version? I believe many people even didn't recognize this security problem. While I think this is a very important idea, if you think differently that’s absolutely fine. Although I strongly don’t agree with the score of 34 (based on what I’m writing on this comment), it’s a really your decision and right.
I once left a comment on some SC3 post but didn't get reply either (this is generally the same for many other projects), which I totally understand because I also tend to forget to reply. But because of that, I think opening the issue on GH is quite enough and actually much more official way, unless you think they don't even need to monitor the GH of the current version if they're planning newer version. Maybe you didn't recognize, I always try my best to contact PO. By the way, you also didn't reply to my question before, again which is totally fine. But that's why I prefer GH issue than a comment on some old (3-month old in this case) post.
I just mentioned SC2 since there is no repository for SC3 yet. How you think I'm suggesting for the current version only? I can't believe this. Of course it's also for SC3 and any future product. Shouldn't it be already assumed?
While it takes quite a time to write a suggestion post (much less than my time value. I don't do this for voting.), I've been happily trying to help the several projects, but well. So I think I deserve to say this. You sometimes defend the PO too much and too strict on contributors. I'd appreciate if you could use more encouraging wording. Of course, I really appreciate and respect that you know many previous postings and try to find the duplicate and such. So don't take me wrong, and hope this could be a good suggestion for you too. Thank you.
Suggestions are evaluated based on the possible benefit or value they bring to the project you are suggesting the idea to. The proposed version (SC3) was first announced by @fabian who is one of the devs working on the current version, then a more in-depth or technical details of SC3 was published from their official blog account (@steemscript) which I believe have enough information to reveal the PO's intention towards working on a new version. IMO I don't think that the post age really matters. Sadly, it is pretty hard to get the PO or project maintainers to respond to issues easily or quickly.
I am sorry if you find my comment feedback not encouraging or think that I am trying to defend the PO. I was only trying to give some helpful feedback with no intentions of being subjective.
Most of the time, we appreciate the PO's input on suggestions contributions like this one. Usually, this gives us (the reviewer) a better understanding of the PO's intention towards the proposed idea and the benefit the idea could bring to the project. Not having the PO's input or acknowledgment sometimes makes the evaluations process stiff, especially when the PO had already announced the development of another version of the app. That's said, I appreciate your kind effort for creating an issue on the project repository for each bug/idea report.
Thank you for your review, @knowledges! Keep up the good work!