Qortal Project

The future of blockchain platforms

User Tools

Site Tools

Trace: browser_trading_security_risk

Sidebar

Qortal Project Wiki

- Home
- Verified Links
- Qortal Status Updates (old page)
- New Status Updates
- Wiki Site Updates
- Donations

Important Notices

- Account Recovery & Backup File
- Only Use Official Releases
- Remote Access Security Risks
- Scammers Attempting To Steal
- Browser Trading Security Risk
- Sending Coin To/From Exchanges
- Attention Sponsors (Level 5+)
- Port Forwarding & uPnP

Introduction

- Quick Start Guide
- Qortal 101
- Qortal Project Overview
- Qortal In A Nutshell
- Qortal Project Background Info
- Founding Team Hardships
- Community Leadership Structure
- Launch Phases

Project Model

- The Qortal Model
- Fundamental Principles
- The Qortal Credo
- The Future of Qortal
- The Big Picture of Qortal
- The QORT Coin
- The QORA Transition
- Comparison To ‘Similar’ Platforms
- Account Types
- Node Types
- How Qortal’s Consensus Works
- How Auto Updates Work
- State-of-the-Art Security
- Authentication System
- Name Registration
- Communications
- Web Hosting
- Application Hosting
- GitHub Replacement
- Mesh Networking

Minting

- Minting Overview
- Leveling System
- Block Rewards & Distribution
- Block Rewards and Distribution (new)
- Sponsorship Questionnaire
- Future Modifications

Communications

- Q-Chat
- Q-Mail
- Message Encryption

Trade Portal

- Trade Portal Overview
- How The Trade Portal Works
- Trade Fees
- Coin/Token Listings

Qortal Hosting (QDN)

- QORA Original Data Hosting Model
- Qortal Data Network (QDN)
- QDN Updates
- Q-Apps

Voting System

- Voting System Overview

AT System

- AT System Overview
- Lottery System

Hardware

- QORTector & QORTable Overview
- QORTector 3D Printing Files

- Interviews/Podcasts
- Information Videos
- Official Images/Press Kit
- Memes & Image Designs
- Press Releases & Newsletters
- What is the Qortal Project?
- Qortal 1 Year Anniversary!
- Qortal 2 Year Anniversary!
- Qortal Overview PowerPoint
- Third-Party Publications

Frequently Asked Questions (FAQ)

- Qortal Glossary
- Project FAQ
- Core FAQ
- UI FAQ
- Minting FAQ
- QORA-QORT FAQ
- Trade Portal FAQ
- QDN & Q-Apps FAQ

How-To Guides

- Help Videos
- Account Setup & Recovery
- How To Register A Name
- How To Change A Name
- OLD Becoming a Minter
- Becoming a Minter (NEW)
- Re-Adding Your Minting Key
- How To Use The Trade Portal
- Trade Portal Coin Recovery
- QORTector Walkthrough
- QORTector Update Guide
- Port Forwarding
- SSH Tunneling
- How To Configure A Node For Direct UI Access (without SSH tunneling)
- How To RDP
- API Calls
- How To Update Qortal & .jar File
- How To Bootstrap & Delete The DB
- How To Edit Qortal Core Settings
- List Of Terminal Commands
- Qortal Official Repo - Build & Run
- How To Build Qortal UI From Source
- How To Host Your Public Data
- How to Setup A Gateway Node
- Ubuntu 22.04 With Cinnamon Desktop Setup
- How To Make A Cold Wallet
- OLD How To Sponsor
- Sponsoring New Minters
- How To Reduce Bandwidth

Node Setup Guides

- Linux (Debian+Ubuntu+Mint)
- Mac
- Windows
- Raspberry Pi 4
- QORTector
- VPS
- Qubes OS
- Android Termux
- Qnect App

Third-Party Services

- Crowetic.com
- QORTEX
- Exqlorer.com
- Explorer.qortalnodes.live
- Qombo App
- ReQorder App
- MintMeister App
- Marketwatch
- Node Monitor
- Community Fund (Unofficial)
- Coin Trading Co.
- Qortal Rust Server
- Qortal Minecraft Server

browser_trading_security_risk

This is an old revision of the document!

Browser Trading Security Risk

When accessing Qortal's UI by Crowetic's (http://node21.qortal.org:12388) or anyone else's community node, it is NOT recommended to trade. It seems that the Trade Portal info did not generate when we tested this service out in the browser while accessing the UI through Crowetic's community node, but a trade was still able to be listed on-chain.

URL http vs https: Qortal does not need SSL (which is the S in https) when you are connecting to Qortal's UI. You only need SSL when you are connecting to another computer. There is no information leaving your browser when you access Qortal's UI http address as data is only pulled FROM the server and loaded, nothing is sent back from your computer to the server. So SSL is entirely not necessary in the particular case of accessing Qortal's UI via web browser to Crowetic's community node.

The risk is that a bad actor could setup a community node and steal LTC keys. The trade bot has to have the LTC keys in order to issue the transactions on your account's behalf, so that means the community node you are accessing would have your keys. This is why the core limits you to using localhost to issue trades. So again, DO NOT ACCESS THE QORTAL UI VIA COMMUNITY NODE AND USE THE TRADE PORTAL SECTION since that service utilizes the trade bot and has access to your LTC keys! In other words, DO NOT USE THE TRADE PORTAL if you are using a community node for security purposes!

browser_trading_security_risk.1616017565.txt.gz · Last modified: 03/17/2021 17:46 by gfactor

Page Tools