Qortal Project

The future of blockchain platforms

User Tools

Site Tools

Trace:
browser_trading_security_risk

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
browser_trading_security_risk [03/17/2021 02:27] gfactorbrowser_trading_security_risk [02/03/2022 03:57] (current) gfactor
Line 1: Line 1:
 ====== Browser Trading Security Risk ====== ====== Browser Trading Security Risk ======
 +{{:qortal_official_logo_transparent_.png?400|}}
  
-When accessing Qortal's UI by Crowetic's (http://node21.qortal.org:12388) or anyone else'community node, it is NOT recommended to trade. It seems that the Trade Portal info did not generate when we tested this service out in the browser while accessing the UI through Crowetic's community node, but a trade was still able to be listed on chain+The risk is that a bad actor could setup a community node and steal coin keys. The trade bot has to have the keys in order to issue the transactions on your account'behalf, so that means the community node you are accessing would have your keys. This is why the core limits you to using localhost to issue trades.
  
-URL http vs https: Qortal does not need SSL (which is the S in https) when you are connecting to Qortal's UI. You only need SSL when you are connecting to another computer. There is no information leaving your browser when you access Qortal's UI http address as data is only pulled FROM the server and loaded, but nothing is sent back from your computer to the server. So SSL is entirely not necessary in the particular case of accessing Qortal's UI via web browser to Crowetic's community node. +The best advice is to set up your own node and have complete control over your node! There’s no reason to access Qortal on any other device than what you directly control
- +
-The risk is that a bad actor could setup a community node and steal LTC keys. The trade bot has to have the LTC keys in order to issue the transactions on your account's behalf, so that means the community node you are accessing would have your keysThis is why the core limits you to using localhost to issue trades. So again, DO NOT ACCESS THE QORTAL UI VIA COMMUNITY NODE AND USE THE TRADE PORTAL SECTION since it that service utilizes the trade bot and has access to your LTC keys!+
browser_trading_security_risk.1615962444.txt.gz · Last modified: 03/17/2021 02:27 by gfactor

Page Tools