[bisq-network/bisq] Minimal api (#3001)

battleofwizards notifications at github.com
Thu Aug 29 07:49:12 UTC 2019


> > The authorization based on a fixed token is not secure against replay attacks
> 
> What fixed tokens? You get a new token each time you sign in and they have a certain lifetime.

To protect against replay attacks, authorization must be unique per request, not per session.

> This is industry standard.

This is insecure for moving money. Please learn about replay attacks.

> No, the API is meant to be used over TOR, and at some point to be consumed by mobile clients.

Excellent. You can do it already in the initial version or add secure remote usage later on (releasing more incrementally).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/pull/3001#issuecomment-526069137
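
Added example, not part of the original message or of the Bisq code base: a sketch of the difference the reply draws between per-session and per-request authorization. The shared key, token, paths, field names and the 30-second window are all constructed assumptions; the signed variant is one common way to make each request unique (HMAC over the request plus a timestamp and nonce), not the scheme proposed in the PR.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; nothing here is taken from Bisq.
SESSION_TOKEN = "sess-EXAMPLE-TOKEN"
SHARED_KEY = b"example-per-client-secret"
MAX_SKEW = 30  # seconds during which a signed request is acceptable


def sign(method, path, body, ts, nonce):
    """MAC binding the request content to one timestamp and one nonce."""
    msg = "\n".join([method, path, hashlib.sha256(body).hexdigest(), str(ts), nonce])
    return hmac.new(SHARED_KEY, msg.encode(), hashlib.sha256).hexdigest()


def signed_request(method, path, body, ts, nonce=None):
    nonce = nonce or secrets.token_hex(16)  # fresh random value per request
    return {"method": method, "path": path, "body": body, "ts": ts,
            "nonce": nonce, "mac": sign(method, path, body, ts, nonce)}


def bearer_accepts(req):
    """Per-session check: a byte-identical copy of a request passes again."""
    return hmac.compare_digest(req["token"], SESSION_TOKEN)


class SignedServer:
    """Per-request check: each (timestamp, nonce) pair is accepted once."""

    def __init__(self):
        self.seen = {}  # nonce -> timestamp, kept only inside the skew window

    def handle(self, req, now):
        expected = sign(req["method"], req["path"], req["body"], req["ts"], req["nonce"])
        if not hmac.compare_digest(expected, req["mac"]):
            return False  # forged, or modified after signing
        if abs(now - req["ts"]) > MAX_SKEW:
            return False  # stale; also bounds how long nonces are remembered
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if req["nonce"] in self.seen:
            return False  # copy of a request that was already processed
        self.seen[req["nonce"]] = req["ts"]
        return True
```

The nonce cache is what rejects a duplicate inside the time window; the timestamp check only keeps that cache from growing without bound.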