bit.co.in address shortener | Bitcointalksearch.org

gweedo

legendary

Activity: 1498

Merit: 1000

Quote from: coinminers on April 06, 2013, 05:48:01 PM

I didn't spend much time on this so far

That is not a good idea, cause this is a type of site should have a very highly security software, not a site you throw together in a day. I don't think you understand what type of site you are trying to write. I would advise everyone not to use this!

gweedo

legendary

Activity: 1498

Merit: 1000

Quote from: tlr on April 06, 2013, 04:52:06 PM

Quote from: ?? on ??

Quote from: tlr on April 06, 2013, 04:21:37 PM

It would be pretty neat if we had a convention to store short address mappings in the blockchain, that way it's totally distributed and transparent.

Build it, you could use something like namecoin to get you started, and you would probably put every shortener out of business.

Also bitcaddy, looks to not talk about the securely they use and plus they charge for custom. Clearly and I hate to do self promotion but http://qcl.me is the currently aside from firstbits, is the most secure and verifiable shortener on the internet. It has been tried to be hacked many times and all attackers haven't gain access to anything. The database can't be changed by me or a 3rd party, the only thing that could happen is the database could be deleted, the site is self checking before displaying any address, and it includes litecoins address. I don't see any completion that does anything remotely to what my site is doing. If they are they don't talk about it.

Oh, "firstbits" seems to solve this problem nicely, except for the transaction spam problem, and you can't use custom names. My idea would suffer the same problem, unless we used a separate block chain like namecoin, but I don't particularly like that idea. In that case it would make more sense to just use namecoin with a different namespace.

The developer recommend from doing it, and I have to agree, but yeah it is a good way, then a new blockchain would be good too cause you could make a web front end for that.

coinminers

full member

Activity: 147

Merit: 100

By the way, on bit.co.in you can now opt in to get your address stored in the Namecoin blockchain instead of our server.

coinminers

full member

Activity: 147

Merit: 100

We have now added a fraud detection feature which you can embed independently on your end with completely verifiable javascript. If the address is changed it'll alert you accordingly.

See here for an example:

http://bit.co.in/ej

Best,
Nima

coinminers

full member

Activity: 147

Merit: 100

Also I just wanted to let you know that now all shortnames are one way hashed and addresses encrypted with the shortname, so there's no way for anyone even if he got into it to replace other shortlink's currency addresses with his own.

Thanks for the feedback.
Cheers!

coinminers

full member

Activity: 147

Merit: 100

Quote from: Nicolai on April 06, 2013, 03:50:58 PM

Quote from: coinminers on April 06, 2013, 12:39:08 PM

Quote from: gweedo on April 04, 2013, 03:31:42 AM

I guess your the owner Roll Eyes

you could have just said so Wink

Also can you explain the security you employ? Are the address encrypted so you can't change them?

We employ the most up to date Cross-site Scripting Prevention, Cross-site Request Forgery Prevention, and Cookie Attack Prevention (even though there is no login capability yet) techniques.

Furthermore the server is only accessible through non 80 ports from one single undisclosed location.

If the addresses were encrypted I could still change them so I don't see how encryption would help prevent me from doing so if I had the retarded intention to do so, unless I'm missing something?

And do you know anything about security, or are you just copy/pasting a lot of bull**** ?

http://bit.co.in/123451 <-- woops?

OK, I added the appropriate validation now. I'm very sorry for missing this obvious shortcoming and I appreciate you pointing it out.

coinminers

full member

Activity: 147

Merit: 100

Quote from: ?? on ??

Another flaw in the system, what if someone hacks your email without you knowing it and collects some pins waits and then changes the addresses...

I sell the site, without the software, this is not looking good for you plus your getting ran over in the business.

The good news is that the software can be changed. I didn't spend much time on this so far and was doing this mostly to gather this kind of feedback and hear these kinds of concerns which I appreciate.

I have lots of ideas on how to improve things.

tlr

member

Activity: 86

Merit: 10

Quote from: ?? on ??

Quote from: tlr on April 06, 2013, 04:21:37 PM

It would be pretty neat if we had a convention to store short address mappings in the blockchain, that way it's totally distributed and transparent.

Build it, you could use something like namecoin to get you started, and you would probably put every shortener out of business.

Also bitcaddy, looks to not talk about the securely they use and plus they charge for custom. Clearly and I hate to do self promotion but http://qcl.me is the currently aside from firstbits, is the most secure and verifiable shortener on the internet. It has been tried to be hacked many times and all attackers haven't gain access to anything. The database can't be changed by me or a 3rd party, the only thing that could happen is the database could be deleted, the site is self checking before displaying any address, and it includes litecoins address. I don't see any completion that does anything remotely to what my site is doing. If they are they don't talk about it.

Oh, "firstbits" seems to solve this problem nicely, except for the transaction spam problem, and you can't use custom names. My idea would suffer the same problem, unless we used a separate block chain like namecoin, but I don't particularly like that idea. In that case it would make more sense to just use namecoin with a different namespace.

coinminers

full member

Activity: 147

Merit: 100

Quote from: remotemass on April 06, 2013, 12:53:28 PM

What is the 4 digit pin number?
Is it to allow the owner of it to change the link to another address later? That would be a nice feature

Yes, but it has to happen by emailing us and we'll then do it for you upon verification.

tlr

member

Activity: 86

Merit: 10

Also saw this today: http://bitcaddy.com/

It would be pretty neat if we had a convention to store short address mappings in the blockchain, that way it's totally distributed and transparent.

coinminers

full member

Activity: 147

Merit: 100

Quote from: gweedo on April 06, 2013, 04:06:51 PM

That is a basic security for a web site...

Yes, I agree. It was an oversight on my part for which I aplologize.

gweedo

legendary

Activity: 1498

Merit: 1000

Quote from: coinminers on April 06, 2013, 04:04:47 PM

Quote from: Nicolai on April 06, 2013, 03:50:58 PM

And do you know anything about security, or are you just copy/pasting a lot of bull**** ?

http://bit.co.in/123451 <-- woops?

No I was giving you my honest answer, doesn't mean we can't improve things of course.

That is a basic security for a web site...

coinminers

full member

Activity: 147

Merit: 100

Quote from: Nicolai on April 06, 2013, 03:50:58 PM

And do you know anything about security, or are you just copy/pasting a lot of bull**** ?

http://bit.co.in/123451 <-- woops?

No I was giving you my honest answer, doesn't mean we can't improve things of course.

Nicolai

newbie

Activity: 39

Merit: 0

Quote from: coinminers on April 06, 2013, 12:39:08 PM

Quote from: gweedo on April 04, 2013, 03:31:42 AM

I guess your the owner Roll Eyes

you could have just said so Wink

Also can you explain the security you employ? Are the address encrypted so you can't change them?

We employ the most up to date Cross-site Scripting Prevention, Cross-site Request Forgery Prevention, and Cookie Attack Prevention (even though there is no login capability yet) techniques.

Furthermore the server is only accessible through non 80 ports from one single undisclosed location.

If the addresses were encrypted I could still change them so I don't see how encryption would help prevent me from doing so if I had the retarded intention to do so, unless I'm missing something?

And do you know anything about security, or are you just copy/pasting a lot of bull**** ?

http://bit.co.in/123451 <-- woops?

https://i.imgur.com/wz7TKlY.png

mai77

newbie

Activity: 28

Merit: 0

there is a high risk potential in this. I don't think people will use it overly, unless there is credible insurance against fraud by anybody.

rme

hero member

Activity: 756

Merit: 504

Quote from: gweedo on April 06, 2013, 01:40:09 PM

Quote from: coinminers on April 06, 2013, 12:39:08 PM

If the addresses were encrypted I could still change them so I don't see how encryption would help prevent me from doing so if I had the retarded intention to do so, unless I'm missing something?

but what if a hacker gains access and changes the address how do protect against it?

If a hacker gains access can replace the entire website with a fake one and you can do nothing to stop it.
Just use a 64 character password for the ftp and do not login in a insecure pc.

gweedo

legendary

Activity: 1498

Merit: 1000

Quote from: coinminers on April 06, 2013, 12:39:08 PM

If the addresses were encrypted I could still change them so I don't see how encryption would help prevent me from doing so if I had the retarded intention to do so, unless I'm missing something?

but what if a hacker gains access and changes the address how do protect against it?

remotemass

legendary

Activity: 1122

Merit: 1017

ASMR El Salvador

What is the 4 digit pin number?
Is it to allow the owner of it to change the link to another address later? That would be a nice feature

coinminers

full member

Activity: 147

Merit: 100

Quote from: gweedo on April 04, 2013, 03:31:42 AM

I guess your the owner Roll Eyes

you could have just said so Wink

Also can you explain the security you employ? Are the address encrypted so you can't change them?

We employ the most up to date Cross-site Scripting Prevention, Cross-site Request Forgery Prevention, and Cookie Attack Prevention (even though there is no login capability yet) techniques.

Furthermore the server is only accessible through non 80 ports from one single undisclosed location.

If the addresses were encrypted I could still change them so I don't see how encryption would help prevent me from doing so if I had the retarded intention to do so, unless I'm missing something?

gweedo

legendary

Activity: 1498

Merit: 1000

Quote from: coinminers on April 04, 2013, 03:27:23 AM

Quote from: rme on April 04, 2013, 03:04:36 AM

Your Bitcoin Address is too short (minimum is 34 characters).

Thats a bug, "A Bitcoin address, or simply address, is an identifier of 27-34 alphanumeric characters, beginning with the number 1 or 3, that represents a possible destination for a Bitcoin payment."

My Bitcoin address is 32 characters long, please fix ASAP Wink

Try now

I guess your the owner Roll Eyes

you could have just said so Wink

Also can you explain the security you employ? Are the address encrypted so you can't change them?

Topic: bit.co.in address shortener (Read 2220 times)