Is It safe to Store User keys on local db server?
Clash Royale CLAN TAG#URR8PPP
up vote
3
down vote
favorite
I want to know best practice: Should I store user's generated keys on my local db server with user email and password.
Then when required, should I get it using user email and password.
This way user will not have to remember his private and public key.
Also I will encrypt user keys for extra security before saving to local db.
I am beginner to EOS i am sorry if it sound bad or foolish.
Please Note:
I don't want to force users to use scatter because of bad user experience.
I want a possible secure solution for my application to save keys in which I can create accounts for users from generated keys stored in keosd and then sign transactions from these keys.
How secure is it to retrieve keys from keosd within application via http request?
wallet keys keosd
add a comment |Â
up vote
3
down vote
favorite
I want to know best practice: Should I store user's generated keys on my local db server with user email and password.
Then when required, should I get it using user email and password.
This way user will not have to remember his private and public key.
Also I will encrypt user keys for extra security before saving to local db.
I am beginner to EOS i am sorry if it sound bad or foolish.
Please Note:
I don't want to force users to use scatter because of bad user experience.
I want a possible secure solution for my application to save keys in which I can create accounts for users from generated keys stored in keosd and then sign transactions from these keys.
How secure is it to retrieve keys from keosd within application via http request?
wallet keys keosd
add a comment |Â
up vote
3
down vote
favorite
up vote
3
down vote
favorite
I want to know best practice: Should I store user's generated keys on my local db server with user email and password.
Then when required, should I get it using user email and password.
This way user will not have to remember his private and public key.
Also I will encrypt user keys for extra security before saving to local db.
I am beginner to EOS i am sorry if it sound bad or foolish.
Please Note:
I don't want to force users to use scatter because of bad user experience.
I want a possible secure solution for my application to save keys in which I can create accounts for users from generated keys stored in keosd and then sign transactions from these keys.
How secure is it to retrieve keys from keosd within application via http request?
wallet keys keosd
I want to know best practice: Should I store user's generated keys on my local db server with user email and password.
Then when required, should I get it using user email and password.
This way user will not have to remember his private and public key.
Also I will encrypt user keys for extra security before saving to local db.
I am beginner to EOS i am sorry if it sound bad or foolish.
Please Note:
I don't want to force users to use scatter because of bad user experience.
I want a possible secure solution for my application to save keys in which I can create accounts for users from generated keys stored in keosd and then sign transactions from these keys.
How secure is it to retrieve keys from keosd within application via http request?
wallet keys keosd
edited Aug 30 at 8:13
Phillip Hamnett - EOS42
625218
625218
asked Aug 29 at 9:32
Abdul Manan
1557
1557
add a comment |Â
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
4
down vote
accepted
This depends strongly on your application. The web approach maybe more comfortable for the user but will put you and your application in certain responsibilities and risks. From my understanding you have at least this three possibilities.
Possibilities:
Web Only
If you are running a pure Web-Portal like an Exchange this maybe the way to go. You would kind of provide the wallet for the user. But this has some security issues. If your db gets hacked or your system somehow infiltrated (steal, delete) your user can loose everything related to that keys and this would be your fault. As a crypto user I would personally have some concerns using a new plattform and expose or generate keys there when desktop tools are available.
Workaround: Proxy Service
Like written in the comments and other answers it maybe a bad practice to store personal stuff like the private keys of your users. However another thing you could implement would be a proxy solution which will be your application. Your app would then function as a kind of middleware and only use the key of your applications account on the EOS mainnet. You store the emails and passwords like a normal WebApp and would do the authorization by your backend and send transactions only from your account. This would minimize the number of accounts needed and maybe save some RAM. Your smart contract would then need some kind of identification mechanism for the users actions e.g. a field in a multi_index table for some kind of nickname from your WebApp.
Locally Stored
Another use case could be an application that stores the information locally (like the greymass vote tool) or some docker bundled application that includes the eosio CLI tools. Advantage of this solution is, that the user is responsible for his actions and you do not have the store all user keys centralized.
Permission System
Third option is to use the EOS Permission system. Users could add a special permission for your smart contracts. So they can sign transactions with their regular keys and would accept actions that are signed by your contracts account. Also users can remove permissions anytime they want and are not stuck with potential accounts that use their token for RAM.
My Opinion:
Personally I would go with the third option because this is the cleanest version and has major advantages. But like I mentioned before it depends on your use case.
Additional Read:
- Maybe the eosjs library is interesting for your use case.
- Also the RPC documentaion could be worth a look.
- There are also a few Tools that give the user build in
functionalities like Scatter.
Thanks !! i have just edit my question please have a look again.
â Abdul Manan
Aug 29 at 11:34
So is your application a Website you access with a browser or is it a downloadable app for smartphones or desktops?
â TeeAttack42â¦
Aug 29 at 11:38
its currently a web application , we will make mobile application in future as well
â Abdul Manan
Aug 29 at 11:51
1
Ok. Then your applicaion falls into the first category. Which makes you responsible for their keys. Personally I do not like that approach. But what you could do is implement a kind of proxy service. (I will edit the answer)
â TeeAttack42â¦
Aug 29 at 12:23
add a comment |Â
up vote
4
down vote
Private keys are very confidential information and they need to be stored somewhere very safe where only the owner can access them. But, if you are storing them at your side even after encryption you can always access them because you have the access to your local DB and you know what algorithm you used to encrypt that so you can easily decrypt the keys and use them. So, here you see, the user has to trust you for storing them.
Now, the question is how to use user's keys to transact the actions?
Well, you can make the user use wallets to store the keys on their local machine for ex: Scatter. And, in your code, use scatter object to sign the transactions while interacting with blockchain. Here is the blog you can follow to use scatter and eosjs in your code.
Now, you don't have to store anything confidential at your side and the user doesn't have to trust anyone. Win-Win.
i don't like scatter all of the above things i am doing to get rid of scatter i don't want the user to force him/her to use scatter for my application.
â Abdul Manan
Aug 29 at 11:23
I want to know how much secure is to store private key in the keosd and retrieve via http request and then use these keys in application for trasact an action ? and i don't want to force users to use scatter because of bad user experience. I want a possible secure solution for my application to save keys in which i create accounts for users from generated keys stored in keosd and then signed transaction from these keys.
â Farhan-TroonTechnologies
Aug 29 at 11:25
1
Using scatter is not the bad experience for the user, it will enhance the experience because on every transaction it will ask the permission which ensures the integrity of blockchain. All the major applications use scatter, take the example of monstereos and kingofeos. maybe in future, we will get better alternative.
â Rajat Chaudhary
Aug 29 at 11:32
1
I agree. Imagine the user experience when all of your user's keys will be stolen or lost. Your application would be destroyed. This is also kind of against the whole idea of decentralization.
â TeeAttack42â¦
Aug 30 at 8:16
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
4
down vote
accepted
This depends strongly on your application. The web approach maybe more comfortable for the user but will put you and your application in certain responsibilities and risks. From my understanding you have at least this three possibilities.
Possibilities:
Web Only
If you are running a pure Web-Portal like an Exchange this maybe the way to go. You would kind of provide the wallet for the user. But this has some security issues. If your db gets hacked or your system somehow infiltrated (steal, delete) your user can loose everything related to that keys and this would be your fault. As a crypto user I would personally have some concerns using a new plattform and expose or generate keys there when desktop tools are available.
Workaround: Proxy Service
Like written in the comments and other answers it maybe a bad practice to store personal stuff like the private keys of your users. However another thing you could implement would be a proxy solution which will be your application. Your app would then function as a kind of middleware and only use the key of your applications account on the EOS mainnet. You store the emails and passwords like a normal WebApp and would do the authorization by your backend and send transactions only from your account. This would minimize the number of accounts needed and maybe save some RAM. Your smart contract would then need some kind of identification mechanism for the users actions e.g. a field in a multi_index table for some kind of nickname from your WebApp.
Locally Stored
Another use case could be an application that stores the information locally (like the greymass vote tool) or some docker bundled application that includes the eosio CLI tools. Advantage of this solution is, that the user is responsible for his actions and you do not have the store all user keys centralized.
Permission System
Third option is to use the EOS Permission system. Users could add a special permission for your smart contracts. So they can sign transactions with their regular keys and would accept actions that are signed by your contracts account. Also users can remove permissions anytime they want and are not stuck with potential accounts that use their token for RAM.
My Opinion:
Personally I would go with the third option because this is the cleanest version and has major advantages. But like I mentioned before it depends on your use case.
Additional Read:
- Maybe the eosjs library is interesting for your use case.
- Also the RPC documentaion could be worth a look.
- There are also a few Tools that give the user build in
functionalities like Scatter.
Thanks !! i have just edit my question please have a look again.
â Abdul Manan
Aug 29 at 11:34
So is your application a Website you access with a browser or is it a downloadable app for smartphones or desktops?
â TeeAttack42â¦
Aug 29 at 11:38
its currently a web application , we will make mobile application in future as well
â Abdul Manan
Aug 29 at 11:51
1
Ok. Then your applicaion falls into the first category. Which makes you responsible for their keys. Personally I do not like that approach. But what you could do is implement a kind of proxy service. (I will edit the answer)
â TeeAttack42â¦
Aug 29 at 12:23
add a comment |Â
up vote
4
down vote
accepted
This depends strongly on your application. The web approach maybe more comfortable for the user but will put you and your application in certain responsibilities and risks. From my understanding you have at least this three possibilities.
Possibilities:
Web Only
If you are running a pure Web-Portal like an Exchange this maybe the way to go. You would kind of provide the wallet for the user. But this has some security issues. If your db gets hacked or your system somehow infiltrated (steal, delete) your user can loose everything related to that keys and this would be your fault. As a crypto user I would personally have some concerns using a new plattform and expose or generate keys there when desktop tools are available.
Workaround: Proxy Service
Like written in the comments and other answers it maybe a bad practice to store personal stuff like the private keys of your users. However another thing you could implement would be a proxy solution which will be your application. Your app would then function as a kind of middleware and only use the key of your applications account on the EOS mainnet. You store the emails and passwords like a normal WebApp and would do the authorization by your backend and send transactions only from your account. This would minimize the number of accounts needed and maybe save some RAM. Your smart contract would then need some kind of identification mechanism for the users actions e.g. a field in a multi_index table for some kind of nickname from your WebApp.
Locally Stored
Another use case could be an application that stores the information locally (like the greymass vote tool) or some docker bundled application that includes the eosio CLI tools. Advantage of this solution is, that the user is responsible for his actions and you do not have the store all user keys centralized.
Permission System
Third option is to use the EOS Permission system. Users could add a special permission for your smart contracts. So they can sign transactions with their regular keys and would accept actions that are signed by your contracts account. Also users can remove permissions anytime they want and are not stuck with potential accounts that use their token for RAM.
My Opinion:
Personally I would go with the third option because this is the cleanest version and has major advantages. But like I mentioned before it depends on your use case.
Additional Read:
- Maybe the eosjs library is interesting for your use case.
- Also the RPC documentaion could be worth a look.
- There are also a few Tools that give the user build in
functionalities like Scatter.
Thanks !! i have just edit my question please have a look again.
â Abdul Manan
Aug 29 at 11:34
So is your application a Website you access with a browser or is it a downloadable app for smartphones or desktops?
â TeeAttack42â¦
Aug 29 at 11:38
its currently a web application , we will make mobile application in future as well
â Abdul Manan
Aug 29 at 11:51
1
Ok. Then your applicaion falls into the first category. Which makes you responsible for their keys. Personally I do not like that approach. But what you could do is implement a kind of proxy service. (I will edit the answer)
â TeeAttack42â¦
Aug 29 at 12:23
add a comment |Â
up vote
4
down vote
accepted
up vote
4
down vote
accepted
This depends strongly on your application. The web approach maybe more comfortable for the user but will put you and your application in certain responsibilities and risks. From my understanding you have at least this three possibilities.
Possibilities:
Web Only
If you are running a pure Web-Portal like an Exchange this maybe the way to go. You would kind of provide the wallet for the user. But this has some security issues. If your db gets hacked or your system somehow infiltrated (steal, delete) your user can loose everything related to that keys and this would be your fault. As a crypto user I would personally have some concerns using a new plattform and expose or generate keys there when desktop tools are available.
Workaround: Proxy Service
Like written in the comments and other answers it maybe a bad practice to store personal stuff like the private keys of your users. However another thing you could implement would be a proxy solution which will be your application. Your app would then function as a kind of middleware and only use the key of your applications account on the EOS mainnet. You store the emails and passwords like a normal WebApp and would do the authorization by your backend and send transactions only from your account. This would minimize the number of accounts needed and maybe save some RAM. Your smart contract would then need some kind of identification mechanism for the users actions e.g. a field in a multi_index table for some kind of nickname from your WebApp.
Locally Stored
Another use case could be an application that stores the information locally (like the greymass vote tool) or some docker bundled application that includes the eosio CLI tools. Advantage of this solution is, that the user is responsible for his actions and you do not have the store all user keys centralized.
Permission System
Third option is to use the EOS Permission system. Users could add a special permission for your smart contracts. So they can sign transactions with their regular keys and would accept actions that are signed by your contracts account. Also users can remove permissions anytime they want and are not stuck with potential accounts that use their token for RAM.
My Opinion:
Personally I would go with the third option because this is the cleanest version and has major advantages. But like I mentioned before it depends on your use case.
Additional Read:
- Maybe the eosjs library is interesting for your use case.
- Also the RPC documentaion could be worth a look.
- There are also a few Tools that give the user build in
functionalities like Scatter.
This depends strongly on your application. The web approach maybe more comfortable for the user but will put you and your application in certain responsibilities and risks. From my understanding you have at least this three possibilities.
Possibilities:
Web Only
If you are running a pure Web-Portal like an Exchange this maybe the way to go. You would kind of provide the wallet for the user. But this has some security issues. If your db gets hacked or your system somehow infiltrated (steal, delete) your user can loose everything related to that keys and this would be your fault. As a crypto user I would personally have some concerns using a new plattform and expose or generate keys there when desktop tools are available.
Workaround: Proxy Service
Like written in the comments and other answers it maybe a bad practice to store personal stuff like the private keys of your users. However another thing you could implement would be a proxy solution which will be your application. Your app would then function as a kind of middleware and only use the key of your applications account on the EOS mainnet. You store the emails and passwords like a normal WebApp and would do the authorization by your backend and send transactions only from your account. This would minimize the number of accounts needed and maybe save some RAM. Your smart contract would then need some kind of identification mechanism for the users actions e.g. a field in a multi_index table for some kind of nickname from your WebApp.
Locally Stored
Another use case could be an application that stores the information locally (like the greymass vote tool) or some docker bundled application that includes the eosio CLI tools. Advantage of this solution is, that the user is responsible for his actions and you do not have the store all user keys centralized.
Permission System
Third option is to use the EOS Permission system. Users could add a special permission for your smart contracts. So they can sign transactions with their regular keys and would accept actions that are signed by your contracts account. Also users can remove permissions anytime they want and are not stuck with potential accounts that use their token for RAM.
My Opinion:
Personally I would go with the third option because this is the cleanest version and has major advantages. But like I mentioned before it depends on your use case.
Additional Read:
- Maybe the eosjs library is interesting for your use case.
- Also the RPC documentaion could be worth a look.
- There are also a few Tools that give the user build in
functionalities like Scatter.
edited Aug 29 at 12:30
answered Aug 29 at 10:22
TeeAttack42â¦
1,482224
1,482224
Thanks !! i have just edit my question please have a look again.
â Abdul Manan
Aug 29 at 11:34
So is your application a Website you access with a browser or is it a downloadable app for smartphones or desktops?
â TeeAttack42â¦
Aug 29 at 11:38
its currently a web application , we will make mobile application in future as well
â Abdul Manan
Aug 29 at 11:51
1
Ok. Then your applicaion falls into the first category. Which makes you responsible for their keys. Personally I do not like that approach. But what you could do is implement a kind of proxy service. (I will edit the answer)
â TeeAttack42â¦
Aug 29 at 12:23
add a comment |Â
Thanks !! i have just edit my question please have a look again.
â Abdul Manan
Aug 29 at 11:34
So is your application a Website you access with a browser or is it a downloadable app for smartphones or desktops?
â TeeAttack42â¦
Aug 29 at 11:38
its currently a web application , we will make mobile application in future as well
â Abdul Manan
Aug 29 at 11:51
1
Ok. Then your applicaion falls into the first category. Which makes you responsible for their keys. Personally I do not like that approach. But what you could do is implement a kind of proxy service. (I will edit the answer)
â TeeAttack42â¦
Aug 29 at 12:23
Thanks !! i have just edit my question please have a look again.
â Abdul Manan
Aug 29 at 11:34
Thanks !! i have just edit my question please have a look again.
â Abdul Manan
Aug 29 at 11:34
So is your application a Website you access with a browser or is it a downloadable app for smartphones or desktops?
â TeeAttack42â¦
Aug 29 at 11:38
So is your application a Website you access with a browser or is it a downloadable app for smartphones or desktops?
â TeeAttack42â¦
Aug 29 at 11:38
its currently a web application , we will make mobile application in future as well
â Abdul Manan
Aug 29 at 11:51
its currently a web application , we will make mobile application in future as well
â Abdul Manan
Aug 29 at 11:51
1
1
Ok. Then your applicaion falls into the first category. Which makes you responsible for their keys. Personally I do not like that approach. But what you could do is implement a kind of proxy service. (I will edit the answer)
â TeeAttack42â¦
Aug 29 at 12:23
Ok. Then your applicaion falls into the first category. Which makes you responsible for their keys. Personally I do not like that approach. But what you could do is implement a kind of proxy service. (I will edit the answer)
â TeeAttack42â¦
Aug 29 at 12:23
add a comment |Â
up vote
4
down vote
Private keys are very confidential information and they need to be stored somewhere very safe where only the owner can access them. But, if you are storing them at your side even after encryption you can always access them because you have the access to your local DB and you know what algorithm you used to encrypt that so you can easily decrypt the keys and use them. So, here you see, the user has to trust you for storing them.
Now, the question is how to use user's keys to transact the actions?
Well, you can make the user use wallets to store the keys on their local machine for ex: Scatter. And, in your code, use scatter object to sign the transactions while interacting with blockchain. Here is the blog you can follow to use scatter and eosjs in your code.
Now, you don't have to store anything confidential at your side and the user doesn't have to trust anyone. Win-Win.
i don't like scatter all of the above things i am doing to get rid of scatter i don't want the user to force him/her to use scatter for my application.
â Abdul Manan
Aug 29 at 11:23
I want to know how much secure is to store private key in the keosd and retrieve via http request and then use these keys in application for trasact an action ? and i don't want to force users to use scatter because of bad user experience. I want a possible secure solution for my application to save keys in which i create accounts for users from generated keys stored in keosd and then signed transaction from these keys.
â Farhan-TroonTechnologies
Aug 29 at 11:25
1
Using scatter is not the bad experience for the user, it will enhance the experience because on every transaction it will ask the permission which ensures the integrity of blockchain. All the major applications use scatter, take the example of monstereos and kingofeos. maybe in future, we will get better alternative.
â Rajat Chaudhary
Aug 29 at 11:32
1
I agree. Imagine the user experience when all of your user's keys will be stolen or lost. Your application would be destroyed. This is also kind of against the whole idea of decentralization.
â TeeAttack42â¦
Aug 30 at 8:16
add a comment |Â
up vote
4
down vote
Private keys are very confidential information and they need to be stored somewhere very safe where only the owner can access them. But, if you are storing them at your side even after encryption you can always access them because you have the access to your local DB and you know what algorithm you used to encrypt that so you can easily decrypt the keys and use them. So, here you see, the user has to trust you for storing them.
Now, the question is how to use user's keys to transact the actions?
Well, you can make the user use wallets to store the keys on their local machine for ex: Scatter. And, in your code, use scatter object to sign the transactions while interacting with blockchain. Here is the blog you can follow to use scatter and eosjs in your code.
Now, you don't have to store anything confidential at your side and the user doesn't have to trust anyone. Win-Win.
i don't like scatter all of the above things i am doing to get rid of scatter i don't want the user to force him/her to use scatter for my application.
â Abdul Manan
Aug 29 at 11:23
I want to know how much secure is to store private key in the keosd and retrieve via http request and then use these keys in application for trasact an action ? and i don't want to force users to use scatter because of bad user experience. I want a possible secure solution for my application to save keys in which i create accounts for users from generated keys stored in keosd and then signed transaction from these keys.
â Farhan-TroonTechnologies
Aug 29 at 11:25
1
Using scatter is not the bad experience for the user, it will enhance the experience because on every transaction it will ask the permission which ensures the integrity of blockchain. All the major applications use scatter, take the example of monstereos and kingofeos. maybe in future, we will get better alternative.
â Rajat Chaudhary
Aug 29 at 11:32
1
I agree. Imagine the user experience when all of your user's keys will be stolen or lost. Your application would be destroyed. This is also kind of against the whole idea of decentralization.
â TeeAttack42â¦
Aug 30 at 8:16
add a comment |Â
up vote
4
down vote
up vote
4
down vote
Private keys are very confidential information and they need to be stored somewhere very safe where only the owner can access them. But, if you are storing them at your side even after encryption you can always access them because you have the access to your local DB and you know what algorithm you used to encrypt that so you can easily decrypt the keys and use them. So, here you see, the user has to trust you for storing them.
Now, the question is how to use user's keys to transact the actions?
Well, you can make the user use wallets to store the keys on their local machine for ex: Scatter. And, in your code, use scatter object to sign the transactions while interacting with blockchain. Here is the blog you can follow to use scatter and eosjs in your code.
Now, you don't have to store anything confidential at your side and the user doesn't have to trust anyone. Win-Win.
Private keys are very confidential information and they need to be stored somewhere very safe where only the owner can access them. But, if you are storing them at your side even after encryption you can always access them because you have the access to your local DB and you know what algorithm you used to encrypt that so you can easily decrypt the keys and use them. So, here you see, the user has to trust you for storing them.
Now, the question is how to use user's keys to transact the actions?
Well, you can make the user use wallets to store the keys on their local machine for ex: Scatter. And, in your code, use scatter object to sign the transactions while interacting with blockchain. Here is the blog you can follow to use scatter and eosjs in your code.
Now, you don't have to store anything confidential at your side and the user doesn't have to trust anyone. Win-Win.
answered Aug 29 at 10:05
Rajat Chaudhary
607116
607116
i don't like scatter all of the above things i am doing to get rid of scatter i don't want the user to force him/her to use scatter for my application.
â Abdul Manan
Aug 29 at 11:23
I want to know how much secure is to store private key in the keosd and retrieve via http request and then use these keys in application for trasact an action ? and i don't want to force users to use scatter because of bad user experience. I want a possible secure solution for my application to save keys in which i create accounts for users from generated keys stored in keosd and then signed transaction from these keys.
â Farhan-TroonTechnologies
Aug 29 at 11:25
1
Using scatter is not the bad experience for the user, it will enhance the experience because on every transaction it will ask the permission which ensures the integrity of blockchain. All the major applications use scatter, take the example of monstereos and kingofeos. maybe in future, we will get better alternative.
â Rajat Chaudhary
Aug 29 at 11:32
1
I agree. Imagine the user experience when all of your user's keys will be stolen or lost. Your application would be destroyed. This is also kind of against the whole idea of decentralization.
â TeeAttack42â¦
Aug 30 at 8:16
add a comment |Â
i don't like scatter all of the above things i am doing to get rid of scatter i don't want the user to force him/her to use scatter for my application.
â Abdul Manan
Aug 29 at 11:23
I want to know how much secure is to store private key in the keosd and retrieve via http request and then use these keys in application for trasact an action ? and i don't want to force users to use scatter because of bad user experience. I want a possible secure solution for my application to save keys in which i create accounts for users from generated keys stored in keosd and then signed transaction from these keys.
â Farhan-TroonTechnologies
Aug 29 at 11:25
1
Using scatter is not the bad experience for the user, it will enhance the experience because on every transaction it will ask the permission which ensures the integrity of blockchain. All the major applications use scatter, take the example of monstereos and kingofeos. maybe in future, we will get better alternative.
â Rajat Chaudhary
Aug 29 at 11:32
1
I agree. Imagine the user experience when all of your user's keys will be stolen or lost. Your application would be destroyed. This is also kind of against the whole idea of decentralization.
â TeeAttack42â¦
Aug 30 at 8:16
i don't like scatter all of the above things i am doing to get rid of scatter i don't want the user to force him/her to use scatter for my application.
â Abdul Manan
Aug 29 at 11:23
i don't like scatter all of the above things i am doing to get rid of scatter i don't want the user to force him/her to use scatter for my application.
â Abdul Manan
Aug 29 at 11:23
I want to know how much secure is to store private key in the keosd and retrieve via http request and then use these keys in application for trasact an action ? and i don't want to force users to use scatter because of bad user experience. I want a possible secure solution for my application to save keys in which i create accounts for users from generated keys stored in keosd and then signed transaction from these keys.
â Farhan-TroonTechnologies
Aug 29 at 11:25
I want to know how much secure is to store private key in the keosd and retrieve via http request and then use these keys in application for trasact an action ? and i don't want to force users to use scatter because of bad user experience. I want a possible secure solution for my application to save keys in which i create accounts for users from generated keys stored in keosd and then signed transaction from these keys.
â Farhan-TroonTechnologies
Aug 29 at 11:25
1
1
Using scatter is not the bad experience for the user, it will enhance the experience because on every transaction it will ask the permission which ensures the integrity of blockchain. All the major applications use scatter, take the example of monstereos and kingofeos. maybe in future, we will get better alternative.
â Rajat Chaudhary
Aug 29 at 11:32
Using scatter is not the bad experience for the user, it will enhance the experience because on every transaction it will ask the permission which ensures the integrity of blockchain. All the major applications use scatter, take the example of monstereos and kingofeos. maybe in future, we will get better alternative.
â Rajat Chaudhary
Aug 29 at 11:32
1
1
I agree. Imagine the user experience when all of your user's keys will be stolen or lost. Your application would be destroyed. This is also kind of against the whole idea of decentralization.
â TeeAttack42â¦
Aug 30 at 8:16
I agree. Imagine the user experience when all of your user's keys will be stolen or lost. Your application would be destroyed. This is also kind of against the whole idea of decentralization.
â TeeAttack42â¦
Aug 30 at 8:16
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2feosio.stackexchange.com%2fquestions%2f2165%2fis-it-safe-to-store-user-keys-on-local-db-server%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password