Topic: To All Service Providers: Please Decentralize Security! (Read 1296 times)

full member
Activity: 198
Merit: 102
I'm considering providing a fairly detailed description of the security arrangements for the backend of my project here on this forum. The reasons for doing this are

1) it is a good way to get a lot of eyes onto the flaws in the system,
2) I don't believe in security by obscurity,
3) it will help others to create related services in a secure manner thus contributing to the overall impression of Bitcoin as a trustworthy platform on which to do business

However, I'm concerned about doing this because

1) it is a good way to get a lot of black hats looking at the flaws in the system and keeping quiet about them until they can pounce,
2) sometimes keeping people in the dark can slow them down as they attempt to crack the system.

So... I need some reassurance from the experts here that I should do this. At least 5 positive responses should be enough to convince me.

BTW I have put considerable professional expertise into this design - it is not half-baked.
newbie
Activity: 44
Merit: 0
This is how every Bitcoin service provider or exchange should work:

https://exchange.bitparking.com/U/signup/.2Fmain


Providers need to allow openid authentication. For the paranoid among us, we can run our own openid auth servers. For the lazy.. er practical, there is Google OpenID with 2 factor authentication which rivals anything most online banks provide: http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

I will give any company providing me the option to handle my own security through openid priority from now on, and I hope the community can see the wisdom in this and follows suit.

Check out http://www.Youtipit.org I would like to hear what you think of our OpenId login system.
hero member
Activity: 616
Merit: 500
:facepalm:
newbie
Activity: 8
Merit: 0
My project is going down this route.

Give him some more SOMA!
full member
Activity: 210
Merit: 100
Great! Make sure you take a look at this: http://code.google.com/apis/accounts/docs/OpenID.html#settingup

And when you launch, I'll be the first in line to check it out.

Godspeed!
full member
Activity: 198
Merit: 102
My project is going down this route.
full member
Activity: 210
Merit: 100
This is how every Bitcoin service provider or exchange should work:

https://exchange.bitparking.com/U/signup/.2Fmain


Providers need to allow openid authentication. For the paranoid among us, we can run our own openid auth servers. For the lazy.. er practical, there is Google OpenID with 2 factor authentication which rivals anything most online banks provide: http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

I will give any company providing me the option to handle my own security through openid priority from now on, and I hope the community can see the wisdom in this and follows suit.