Qortal Project

The future of blockchain platforms

User Tools

Site Tools


Sidebar

Qortal Project Wiki

QORT Project Model

Important Notices - MUST READ

QORT Minting

QORT Communications Plugin

QORT Trade Portal

QORT Voting System

QORT Data Hosting

QORT Hardware

Frequently Asked Questions (FAQ)

QORT How-To Guides

browser_trading_security_risk

Browser Trading Security Risk

When accessing Qortal's UI by Crowetic's (http://node21.qortal.org:12388) or anyone else's community node, it is NOT recommended to trade. It seems that the Trade Portal info did not generate when we tested this service out in the browser while accessing the UI through Crowetic's community node, but a trade was still able to be listed on-chain.

URL http vs https: Qortal does not need SSL (which is the S in https) when you are connecting to Qortal's UI. You only need SSL when you are connecting to another computer. There is no information leaving your browser when you access Qortal's UI http address as data is only pulled FROM the server and loaded, nothing is sent back from your computer to the server. So SSL is entirely not necessary in the particular case of accessing Qortal's UI via web browser to Crowetic's community node.

The risk is that a bad actor could setup a community node and steal LTC keys. The trade bot has to have the LTC keys in order to issue the transactions on your account's behalf, so that means the community node you are accessing would have your keys. This is why the core limits you to using localhost to issue trades. So again, DO NOT ACCESS THE QORTAL UI VIA COMMUNITY NODE AND USE THE TRADE PORTAL SECTION since that service utilizes the trade bot and has access to your LTC keys! In other words, DO NOT USE THE TRADE PORTAL if you are using a community node for security purposes!

browser_trading_security_risk.txt · Last modified: 2021/08/06 22:26 by gfactor