How secure is it to retrieve an address as an external parameter?
Author: The bride too., Created: 2017-07-21 21:30:57, Updated: 2019-07-31 18:28:48I use the Inventor Quantification platform to extract virtual coins from the exchange, and for convenience, I will extract the address as an external parameter, outside the program.
I am not afraid that someone will change the address of my withdrawal from ok withdrawal, because if someone stealthily changes my address, the withdrawal will fail if it is not the withdrawal address of ok certified.
However, exchanges such as polonix and btc-e do not require authentication of the withdrawal address, and if someone secretly changes the external parameter of the withdrawal address of my program, my coins are lost.
While no one else can see my code, how many of the administrators who have a platform can see my token address and modify the token address?
I'm curious, how safe is it?
- Viabtc Exchange: Apply for an API to support viabtc exchange.
- How to add bitfinex's coin exchange ETH_BTC?
- Editors problem: Some objects built in with strictly declared variables, the editor will return errors.
- Please ask how to use the futures interface to achieve a full-fledged liquidity market
- Coin Innovation District
- Newcomers ask if there is a silver lining to quantitative digital currency trading after the exchange charges a transaction fee.
- Now, when it comes to quantitative trading robots, the benefits are the least.
- How to filter the number of actual exchanges for multi-exchange objects in a multi-exchange strategy
- http://www.stevenwu.me/archives/871
- test
- Inventor quantification The strategy The column diagram The drawing pattern
- Can one server run multiple hosted processes?
- Quantified trading brainstorms are waiting for you!
- The K line is the car, the straight line is the road!
- Repeated balancing issues on some exchanges
- In a scientific and philosophical sense, how can we believe in a strategy that doesn't have logic?
- The multi-headed trend is backtracking strategy
- The root cause of the decentralization of the market to the extreme is found!
- A sustainable and efficient trading model
- Indices: Please ask about the market for OKEX contracts, is there an index?
ZeroThis information belongs to sensitive information, can be used as encryption control type parameters, the system will be saved, using your password as a secret key seed to encrypt, anyone including the platform also can not see the actual saved content, because the encryption is all done in the browser, the server only save the encrypted information, security verification is not every time pop up, generally only pop up once, if you do not refresh the current page, if you enter a password, the next time refresh or reopen, you do not need to enter again.
The Little DreamThe security mechanisms were considered early on ^^
The Little DreamIn the interface parameters, enter a secret key that BotVS will recognize, and the controls will use encrypted strings, not strings, to detect if the sensitive data browser end is encrypted, for example: This is a list of all the different ways Dn-filebox.qbox.me/89bb7724940a89ce5db08b38def691e9d99d6b0a.png is credited in the database. If you don't have a BotVS password, no one can change it.
The bride too.I'm not renting your strategy, but I'm guessing that the poloniex's withdrawal address (i.e. chbtc's charging address) must be used as an interface parameter. If the tenant's botvs account is stolen and the modified parameter is not verified, the coin is definitely lost.
The bride too.Boss, you and Little Dream are talking about finding a way to keep my parameters from being seen. In fact, in many cases, I am not afraid of others seeing my parameters, but I am afraid that after the account is stolen, someone will change my parameters.
The bride too.Boss, if this parameter is an api key, we need to prevent others from stealing it. However, the younger brother now this parameter is a forwarding address, oh, actually not afraid of others to steal, but afraid of others to modify, he wrote his address, I am not tragic. Both are not the same.
The Little DreamIt should be detected sensitive information will pop up, I'm the one who is detected API KEY will pop up, do not do other settings, automatically.
The bride too.This type of controller is just saying that no one else can see it.
The bride too.Thanks for the reply, botvs, I love you to death.