Is it safe to store user keys on a local DB server?













I want to know the best practice: should I store a user's generated keys on my local DB server with the user's email and password?
Then, when required, should I get them using the user's email and password?
This way the user will not have to remember his private and public keys.

Also, I will encrypt the user keys for extra security before saving them to the local DB.

I am a beginner to EOS; I am sorry if it sounds bad or foolish.

Please note:

I don't want to force users to use Scatter because of the bad user experience.

I want a possible secure solution for my application to save keys, in which I can create accounts for users from generated keys stored in keosd and then sign transactions from these keys.

How secure is it to retrieve keys from keosd within the application via an HTTP request?







edited Aug 30 at 8:13 by Phillip Hamnett - EOS42
asked Aug 29 at 9:32 by Abdul Manan




















2 Answers

Accepted answer:

This depends strongly on your application. The web approach may be more comfortable for the user, but it will put certain responsibilities and risks on you and your application. From my understanding you have at least these three possibilities.

Possibilities:

Web Only

If you are running a pure web portal like an exchange, this may be the way to go. You would kind of provide the wallet for the user. But this has some security issues. If your DB gets hacked or your system is somehow infiltrated (steal, delete), your users can lose everything related to those keys, and this would be your fault. As a crypto user I would personally have some concerns about using a new platform and exposing or generating keys there when desktop tools are available.

Workaround: Proxy Service

As written in the comments and other answers, it may be bad practice to store personal stuff like the private keys of your users. However, another thing you could implement would be a proxy solution, which would be your application. Your app would then function as a kind of middleware and only use the key of your application's account on the EOS mainnet. You store the emails and passwords like a normal web app, do the authorization in your backend, and send transactions only from your account. This would minimize the number of accounts needed and maybe save some RAM. Your smart contract would then need some kind of identification mechanism for the users' actions, e.g. a field in a multi_index table for some kind of nickname from your web app.

Locally Stored

Another use case could be an application that stores the information locally (like the greymass vote tool) or some Docker-bundled application that includes the eosio CLI tools. The advantage of this solution is that the user is responsible for his actions and you do not have to store all user keys centrally.

Permission System

A third option is to use the EOS permission system. Users could add a special permission for your smart contracts. So they can sign transactions with their regular keys and would accept actions that are signed by your contract's account. Also, users can remove permissions anytime they want and are not stuck with potential accounts that use their token for RAM.

My Opinion:

Personally I would go with the third option because this is the cleanest version and has major advantages. But like I mentioned before, it depends on your use case.

Additional Read:

• Maybe the eosjs library is interesting for your use case.

• Also the RPC documentation could be worth a look.

• There are also a few tools that give the user built-in functionalities, like Scatter.





• Thanks!! I have just edited my question, please have a look again.
  – Abdul Manan
  Aug 29 at 11:34

• So is your application a website you access with a browser, or is it a downloadable app for smartphones or desktops?
  – TeeAttack42♦
  Aug 29 at 11:38

• It's currently a web application; we will make a mobile application in the future as well.
  – Abdul Manan
  Aug 29 at 11:51

• OK. Then your application falls into the first category, which makes you responsible for their keys. Personally I do not like that approach. But what you could do is implement a kind of proxy service. (I will edit the answer)
  – TeeAttack42♦
  Aug 29 at 12:23

















Answer:

Private keys are very confidential information, and they need to be stored somewhere very safe where only the owner can access them. But if you are storing them on your side, even after encryption, you can always access them, because you have access to your local DB and you know what algorithm you used to encrypt them, so you can easily decrypt the keys and use them. So, here you see, the user has to trust you for storing them.

Now, the question is how to use the user's keys to transact the actions?

Well, you can make the user use wallets to store the keys on their local machine, for example Scatter. And, in your code, use the Scatter object to sign the transactions while interacting with the blockchain. Here is the blog you can follow to use Scatter and eosjs in your code.

Now you don't have to store anything confidential on your side and the user doesn't have to trust anyone. Win-win.






• I don't like Scatter. All of the above things I am doing to get rid of Scatter; I don't want to force the user to use Scatter for my application.
  – Abdul Manan
  Aug 29 at 11:23

• I want to know how secure it is to store private keys in keosd, retrieve them via HTTP request, and then use these keys in the application to transact an action. And I don't want to force users to use Scatter because of the bad user experience. I want a possible secure solution for my application to save keys, in which I create accounts for users from generated keys stored in keosd and then sign transactions from these keys.
  – Farhan-TroonTechnologies
  Aug 29 at 11:25

• Using Scatter is not a bad experience for the user; it will enhance the experience, because on every transaction it asks for permission, which ensures the integrity of the blockchain. All the major applications use Scatter; take the example of monstereos and kingofeos. Maybe in the future we will get a better alternative.
  – Rajat Chaudhary
  Aug 29 at 11:32

• I agree. Imagine the user experience when all of your users' keys are stolen or lost. Your application would be destroyed. This is also kind of against the whole idea of decentralization.
  – TeeAttack42♦
  Aug 30 at 8:16
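The trust question raised in the answers above, as an added example that is not part of the original thread: it contrasts a database record encrypted under a key the server holds with one encrypted under a key derived from the user's password. The function names, the placeholder key string, and the choice of AES-256-GCM and scrypt are assumptions made for this illustration.

```javascript
// Added example (not from the thread). Uses only Node.js built-in crypto.
const crypto = require('crypto');

// Constructed placeholder standing in for a user's private key; not a real key.
const SAMPLE_PRIVATE_KEY = 'PLACEHOLDER-PRIVATE-KEY-constructed-for-this-example';

// AES-256-GCM helpers shared by both storage models.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('hex'),
    ct: ct.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
  };
}

function open(key, rec) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(rec.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(rec.tag, 'hex'));
  const pt = Buffer.concat([decipher.update(Buffer.from(rec.ct, 'hex')), decipher.final()]);
  return pt.toString('utf8');
}

// Model A: the server encrypts with a key it holds itself.
// Whoever has the DB row and SERVER_KEY (the operator, or an intruder who
// gets both) can recover every user's key without the user being involved.
const SERVER_KEY = crypto.randomBytes(32);

function storeServerSide(privateKey) {
  return seal(SERVER_KEY, privateKey);
}

function operatorRead(rec) {
  return open(SERVER_KEY, rec);
}

// Model B: the encryption key is derived from the user's password with scrypt.
// The DB row alone is not enough to decrypt. This only keeps the operator out
// if derivation and decryption run on the user's device; a server that
// receives the password at login can derive the same key.
function deriveKey(password, saltHex) {
  return crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), 32);
}

function storePasswordWrapped(privateKey, password) {
  const salt = crypto.randomBytes(16).toString('hex');
  return { salt, ...seal(deriveKey(password, salt), privateKey) };
}

function openPasswordWrapped(rec, password) {
  try {
    return open(deriveKey(password, rec.salt), rec);
  } catch (err) {
    // GCM authentication failed: wrong password or a tampered record.
    return null;
  }
}

function demo() {
  const password = 'constructed example password';
  const a = storeServerSide(SAMPLE_PRIVATE_KEY);
  const b = storePasswordWrapped(SAMPLE_PRIVATE_KEY, password);
  return {
    operatorCanReadA: operatorRead(a) === SAMPLE_PRIVATE_KEY,
    wrongPasswordOpensB: openPasswordWrapped(b, 'a wrong guess') !== null,
    rightPasswordOpensB: openPasswordWrapped(b, password) === SAMPLE_PRIVATE_KEY,
  };
}

console.log(demo());
```

In both models a lost password or lost server key means a lost private key, and in neither model does encryption at rest protect keys while the application is using them to sign.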


















Accepted answer: answered Aug 29 at 10:22 by TeeAttack42♦, edited Aug 29 at 12:30











          4
          down vote










          up vote
          4
          down vote









          Private keys are very confidential information and they need to be stored somewhere very safe where only the owner can access them. But, if you are storing them at your side even after encryption you can always access them because you have the access to your local DB and you know what algorithm you used to encrypt that so you can easily decrypt the keys and use them. So, here you see, the user has to trust you for storing them.


          Now, the question is how to use user's keys to transact the actions?

          Well, you can make the user use wallets to store the keys on their local machine for ex: Scatter. And, in your code, use scatter object to sign the transactions while interacting with blockchain. Here is the blog you can follow to use scatter and eosjs in your code.


          Now, you don't have to store anything confidential at your side and the user doesn't have to trust anyone. Win-Win.






          share|improve this answer












          Private keys are very confidential information, and they need to be stored somewhere very safe where only the owner can access them. But if you store them on your side, even after encryption, you can always access them, because you have access to your local DB and you know what algorithm you used to encrypt them, so you can easily decrypt the keys and use them. So, as you see, the user has to trust you to store them.

          Now, the question is how to use the user's keys to transact the actions.

          Well, you can make the user use a wallet, for example Scatter, to store the keys on their local machine. And, in your code, use the scatter object to sign the transactions while interacting with the blockchain. Here is the blog you can follow to use scatter and eosjs in your code.

          Now you don't have to store anything confidential on your side, and the user doesn't have to trust anyone. Win-win.

















          answered Aug 29 at 10:05









          Rajat Chaudhary












          • I don't like Scatter. All of the above things I am doing to get rid of Scatter; I don't want to force the user to use Scatter for my application.
            – Abdul Manan
            Aug 29 at 11:23










          • I want to know how secure it is to store private keys in keosd, retrieve them via HTTP request, and then use these keys in the application to transact an action. I don't want to force users to use Scatter because of the bad user experience. I want a possible secure solution for my application to save keys, in which I create accounts for users from generated keys stored in keosd and then sign transactions with these keys.
            – Farhan-TroonTechnologies
            Aug 29 at 11:25







          • 1




            Using Scatter is not a bad experience for the user; it will enhance the experience, because on every transaction it asks for permission, which ensures the integrity of the blockchain. All the major applications use Scatter; take the example of monstereos and kingofeos. Maybe in the future we will get a better alternative.
            – Rajat Chaudhary
            Aug 29 at 11:32






          • 1




            I agree. Imagine the user experience when all of your users' keys are stolen or lost. Your application would be destroyed. This is also kind of against the whole idea of decentralization.
            – TeeAttack42♦
            Aug 30 at 8:16
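
The trust problem the answer describes, as an added Node.js example (not code from the question, the answer, eosjs or Scatter): a key encrypted under a secret the server holds is readable by the server's operator, while a key encrypted on the user's device under a password-derived key is not. The function names, the sample key and the choice of scrypt with AES-256-GCM are assumptions made for this illustration.

```javascript
const crypto = require('crypto');

// Constructed placeholder standing in for a user's private key (not a real key).
const SAMPLE_KEY = 'PLACEHOLDER-PRIVATE-KEY-constructed-for-this-example';

// AES-256-GCM encrypt: returns everything that would be written to the database.
function seal(plaintext, key) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// AES-256-GCM decrypt: throws if the key is wrong or the record was modified.
function open(record, key) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.ct), decipher.final()]).toString('utf8');
}

// Design A (the question's plan): the server chooses and keeps the encryption key.
function serverSideStore(privateKey) {
  const serverKey = crypto.randomBytes(32); // would live in server config
  return { db: seal(privateKey, serverKey), serverKey };
}

// Design B: the key is derived from the user's password on the user's device;
// only the salt and ciphertext are uploaded.
function clientSideStore(privateKey, password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, 32);
  return { db: { salt, ...seal(privateKey, key) } };
}

function clientSideRecover(db, password) {
  return open(db, crypto.scryptSync(password, db.salt, 32));
}

// Can someone holding the database row plus the server's own secrets read the key?
function operatorCanRead(db, secretsOnServer) {
  return secretsOnServer.some((k) => {
    try { open(db, k); return true; } catch { return false; }
  });
}
```

Design B only holds if the password and the derived key never reach the server; a login password submitted to the same server puts the operator back in the position of Design A. A forgotten password also means the stored key cannot be recovered.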

































           
