I'm a full stack developer and an early investor (2nd week). I like Lisk because JavaScript is its main language. I have just started looking at dapp development and noticed some serious security concerns with it.
My understanding of dapps is (correct me if I'm wrong): a dapp is a hostable component that exposes an external HTTP API and is capable of doing some transactions (withdrawals and deposits). Every dapp can be hosted within some sidechain. Users can access dapp functionality through the exposed API by passing their secret and the transaction info. It means you have to pass your passphrase to every dapp you want to do a transaction with, let's say a withdrawal (paying the dapp owners).
Apple, Microsoft, and Google stores are centralized. Every app has to go through a rigorous review process before getting published in the stores (I have published a few apps in the Google and Windows stores). The review process mainly includes scanning for malicious code that exposes the user's phone to external attackers.
Situation 1:
Lisk has no such review process, but the code can be viewed by others. Let's say a dapp includes some malicious code that records passphrases somewhere (not in the dapp); lisk-cli just creates a foundation base for dapp development and users extend it with their own API. How does Lisk prevent users from accessing the dapp and remove it from the store if malicious code is found?
Situation 2:
Lisk dapps and their sidechains can be hosted by third-party entities. Let's say the owner sets up two VMs: one with the actual sidechain and clean dapp code internally, and a reverse proxy installed on another VM (that sits at the external endpoint and forwards requests to the internal VM hosting the dapp). The reverse proxy receives the request from the user first, records the passphrase, and then forwards the same request to the internal VM without modifying the request headers.
Situation 3:
Man in the middle attacks.
If the dapp owner is not hosting the sidechain with SSL, how does Lisk ensure user data is not compromised?
Just wondering how Lisk handles these situations and prevents owners from misusing passphrases. Last year, I encountered a similar issue with NXT and lost around 10K coins. I used a remote NXT web node to check my transactions frequently. I suspect they recorded my passphrase and transferred my 10K to their account.
I think users shouldn't be forced to send passphrases to dapp owners; it's like sending your BTC private keys to others.
Finally, nice to see a post for a change that is actually about the technology and not price speculation.
I am also interested in learning more about Lisk security.
Anyone who can address these questions?
@LiskHQ?