[bisq-network/bisq] Banned payment accounts (Issue #6137)
xyzmaker123
notifications at github.com
Thu Apr 7 16:38:32 CEST 2022
### Description
I was using debugger and saw a lot of records in `filterManager.getFilter().getBannedPaymentAccounts()`. Most of them contains sensitive data like email, username, phone etc. I'm pretty sure I didn't set them manually, so probably they were propagated via P2P network. It seems to be a security issue.
#### Version
1.8.6
### Steps to reproduce
Not reproduceable via UI. Use debugger, stop somewhere where `filterManager` is available and check `filterManager.getFilter().getBannedPaymentAccounts()`
### Expected behaviour
I'm not sure - propositions:
- remove banned payment accounts filtering at all,
- not propagate this data via P2P - only locally,
- use different field to recognize account (salt?) or use has to make this data anonymous
--
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/issues/6137
You are receiving this because you are subscribed to this thread.
Message ID: <bisq-network/bisq/issues/6137 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20220407/b15b53ee/attachment.htm>
More information about the bisq-github
mailing list