Topic: [XCR] Crypti | Dapps | Sidechains | Dapp Store | OPEN SOURCE | 100% own code | DPoS - page 560. (Read 804701 times)

hero member
Activity: 511
Merit: 500
Boris, Crypti Lead Developer, Lisk Advisor
And yes, you can see balances of accounts. Blockexplorer too.
But, we will add SSL today and move operations with secretPhrase to POST requests.

http://crypti.me:6040/api/sendMoney?accountAddress=15413165176907764021C&amount=100&fee=0.31640625&recepient=2896597140253424866C&secretPharse=lksdjfhsdkfjsdhfksdjfhsdkjfhsdkjfhksjdfhkjsdfhksdjfhaskdjfhksadjfhaskldf

How is that secure? Click it to send 100 coins from an account to another one.

You provide a valid secretPhrase and you can send Crypti.


http://crypti.me:6040/api/sendMoney?accountAddress=15413165176907764021C&amount=100&fee=0.31640625&recepient=2896597140253424866C&secretPharse=lksdjfhsdkfjsdhfksdjfhsdkjfhsdkjfhksjdfhkjsdf1hksdjfhaskdjfhksadjfhaskldf

Result:
{
  "success": false,
  "error": "Invalid passphrase, check your passphrase please"
}

And again, it's beta; we will move all operations with secretPhrase to POST and add SSL now.
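
Why moving secretPhrase out of the query string matters even once SSL is enabled: request URLs are written to web-server access logs and kept in browser history, so the passphrase ends up stored in the clear. The following is an added example (not code from this thread or from Crypti) that scans constructed access-log lines for secret-bearing query parameters, including the misspelled `secretPharse` seen in the URLs above, and produces a redacted copy; the name-prefix list and the sample lines are assumptions.

```javascript
// Added example: flag and redact secret-bearing query parameters in access-log lines.
// Assumption: parameter names starting with these prefixes are treated as secrets.
const SECRET_PARAM = /^(secret|pass|pwd|token)/i;

// Constructed sample lines in common log format (not taken from a real server).
const SAMPLE_LOG = [
  '203.0.113.7 - - [01/Jan/2024:12:00:01 +0000] "GET /api/unlock?secretPhrase=constructed+example+phrase HTTP/1.1" 200 51',
  '203.0.113.7 - - [01/Jan/2024:12:00:05 +0000] "GET /api/getAllTransactions?accountId=15413165176907764021C HTTP/1.1" 200 734',
  '198.51.100.9 - - [01/Jan/2024:12:01:10 +0000] "GET /api/sendMoney?amount=100&secretPharse=another-constructed-value HTTP/1.1" 200 40',
  '198.51.100.9 - - [01/Jan/2024:12:01:12 +0000] "POST /api/sendMoney HTTP/1.1" 200 40',
];

// Returns the names of leaked parameters and a copy of the line that is safe to store.
function scanLine(line) {
  const m = line.match(/"([A-Z]+) (\S+) (HTTP\/[\d.]+)"/);
  if (!m) return { leaked: [], redacted: line };
  const [request, method, target, proto] = m;
  const q = target.indexOf('?');
  if (q === -1) return { leaked: [], redacted: line }; // POST body is not logged here
  const params = new URLSearchParams(target.slice(q + 1));
  // Prefix matching also catches misspelled names such as secretPharse.
  const leaked = [...new Set(params.keys())].filter((name) => SECRET_PARAM.test(name));
  for (const name of leaked) params.set(name, 'REDACTED');
  const safe = `"${method} ${target.slice(0, q)}?${params.toString()} ${proto}"`;
  // Function replacer avoids "$" patterns in the replacement being interpreted.
  return { leaked, redacted: line.replace(request, () => safe) };
}

// Only the lines that exposed a secret, in redacted form.
function report(lines) {
  return lines.map(scanLine).filter((r) => r.leaked.length > 0);
}

for (const r of report(SAMPLE_LOG)) console.log(r.leaked.join(','), '=>', r.redacted);
```

Any passphrase that has already appeared in such a log should be treated as exposed; redacting the log does not undo that.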
sr. member
Activity: 294
Merit: 250
Bitmark Developer
And yes, you can see balances of accounts. Blockexplorer too.
But, we will add SSL today and move operations with secretPhrase to POST requests.

http://crypti.me:6040/api/sendMoney?accountAddress=15413165176907764021C&amount=100&fee=0.31640625&recepient=2896597140253424866C&secretPharse=lksdjfhsdkfjsdhfksdjfhsdkjfhsdkjfhksjdfhkjsdfhksdjfhaskdjfhksadjfhaskldf

How is that secure? Click it to send 100 coins from an account to another one.
hero member
Activity: 750
Merit: 511
I understand that you have a huge IPO going on, but you owe it to those buying to ensure that their data is safe.

This is your "authentication": http://crypti.me:6040/api/unlock?secretPhrase=lksdjfhsdkfjsdhfksdjfhsdkjfhsdkjfhksjdfhkjsdfhksdjfhaskdjfhksadjfhaskldf

That is SCARY. That is not authentication; that is a passphrase being sent in plain text in a URL, over plain HTTP.

I cannot stress how bad this is, I have never seen anything so insecure in my entire life.

WTF? Authentication isn't even used. Here, view my balance: http://crypti.me:6040/api/getAllTransactions?accountId=15413165176907764021C

You need to do something about this now, people are buying with huge amounts of BTC!

It's not to me. I already wrote to the devs about SSL and some other problems. And they fixed part of the problems.
And it's beta; it is not necessary to use it for the pre-sale.

And? NXT had the same. We can move to POST requests. But how does it add a lot of security?

I don't know how the NXT client works now. But they were looking for a way to sign transactions in JS without transferring the password to the remote node. And you can do the same if needed.
hero member
Activity: 511
Merit: 500
Boris, Crypti Lead Developer, Lisk Advisor
The "third-party local program" argument is invalid because a malicious third-party local program can read a passphrase input into a web page also.
Input logging requires higher system rights than reading storage.
And sometimes the attacker has remote access to the computer (through VNC or similar), and if you have the page open and the password is stored in the browser, the money is taken away. A similar case has been described by one local forum.

I understand that you have a huge IPO going on, but you owe it to those buying to ensure that their data is safe.

This is your "authentication": http://crypti.me:6040/api/unlock?secretPhrase=lksdjfhsdkfjsdhfksdjfhsdkjfhsdkjfhksjdfhkjsdfhksdjfhaskdjfhksadjfhaskldf

That is SCARY. That is not authentication; that is a passphrase being sent in plain text in a URL, over plain HTTP.

I cannot stress how bad this is, I have never seen anything so insecure in my entire life.

WTF? Authentication isn't even used. Here, view my balance: http://crypti.me:6040/api/getAllTransactions?accountId=15413165176907764021C

You need to do something about this now, people are buying with huge amounts of BTC!

And yes, you can see balances of accounts. Blockexplorer too.
But, we will add SSL today and move operations with secretPhrase to POST requests.
hero member
Activity: 840
Merit: 500
Risk taker & Black Swan farmer.
I appreciate the effort your whole team has put into organizing everything. It already looks better than most of the IPOs out there.

As stated before, my only concern is that while you have optimized most of the things fairly well, it seems an important piece is still missing from the IPO puzzle.

The dev team has agreed that 500 btc would cover the necessary requirements for the dev fund fairly well. However, given the situation, I expect Crypti to raise at least between 800-1000 btc. Now it seems obvious that there should be a point where, because of too much investment, Crypti will be over-diluted and over-priced, and it will certainly not be good if Crypti would reach that point starting from the IPO. Furthermore, I think the dev team's interest along with the investors' interest should be among the most important things to keep in mind while deciding the IPO rules.

That said, I'm not sure why the IPO is set to last one whole month. A better option would be to set a cap of let's say 1000 btc (or whatever reasonable sum you decide), or if the cap is not reached you have an open time limit of 1 month. The idea being that after 1000 btc (or whatever sum) the IPO will go against the best interest of its investors because of over-pricing and over-dilution. If this should happen, both the early investors and the late investors will suffer in the process. Maybe some kind of upper cap limit (2x-3x of what is actually needed for development) could be proposed and added to ensure a basic safety net for the investors who are looking forward to joining and contributing to the project.

Any thoughts on that?
hero member
Activity: 511
Merit: 500
Boris, Crypti Lead Developer, Lisk Advisor
And we will hire security auditing soon, in the next 2 weeks.
hero member
Activity: 511
Merit: 500
Boris, Crypti Lead Developer, Lisk Advisor
I cannot stress how bad this is, I have never seen anything so insecure in my entire life.

Considering that the devs do not want to distribute a beta client before the official launch which is understandable...  I believe it is best that we provide the checksum hash of our passphrase instead of having to retrieve our account number online...  regardless of whether SSL will be available or not.


SSL will be added today.
hero member
Activity: 511
Merit: 500
Boris, Crypti Lead Developer, Lisk Advisor
What do you mean, what about the raised BTC in bter until now, is there any bonus? I have been following this thread and know it had started from the posts this morning.

30% bonus will be given for all investments raised today and tomorrow.

How will I get the bonus if I buy on BTER?

Yes.
hero member
Activity: 511
Merit: 500
Boris, Crypti Lead Developer, Lisk Advisor
The "third-party local program" argument is invalid because a malicious third-party local program can read a passphrase input into a web page also.
Input logging requires higher system rights than reading storage.
And sometimes the attacker has remote access to the computer (through VNC or similar), and if you have the page open and the password is stored in the browser, the money is taken away. A similar case has been described by one local forum.

I understand that you have a huge IPO going on, but you owe it to those buying to ensure that their data is safe.

This is your "authentication": http://crypti.me:6040/api/unlock?secretPhrase=lksdjfhsdkfjsdhfksdjfhsdkjfhsdkjfhksjdfhkjsdfhksdjfhaskdjfhksadjfhaskldf

That is SCARY. That is not authentication; that is a passphrase being sent in plain text in a URL, over plain HTTP.

I cannot stress how bad this is, I have never seen anything so insecure in my entire life.

And? NXT had the same. We can move to POST requests. But how does it add a lot of security?
hero member
Activity: 784
Merit: 500
What do you mean, what about the raised BTC in bter until now, is there any bonus? I have been following this thread and know it had started from the posts this morning.

30% bonus will be given for all investments raised today and tomorrow.

How will I get the bonus if I buy on BTER?
sr. member
Activity: 294
Merit: 250
Bitmark Developer
The "third-party local program" argument is invalid because a malicious third-party local program can read a passphrase input into a web page also.
Input logging requires higher system rights than reading storage.
And sometimes the attacker has remote access to the computer (through VNC or similar), and if you have the page open and the password is stored in the browser, the money is taken away. A similar case has been described by one local forum.

I understand that you have a huge IPO going on, but you owe it to those buying to ensure that their data is safe.

This is your "authentication": http://crypti.me:6040/api/unlock?secretPhrase=lksdjfhsdkfjsdhfksdjfhsdkjfhsdkjfhksjdfhkjsdfhksdjfhaskdjfhksadjfhaskldf

That is SCARY. That is not authentication; that is a passphrase being sent in plain text in a URL, over plain HTTP.

I cannot stress how bad this is, I have never seen anything so insecure in my entire life.

WTF? Authentication isn't even used. Here, view my balance: http://crypti.me:6040/api/getAllTransactions?accountId=15413165176907764021C

You need to do something about this now, people are buying with huge amounts of BTC!
sr. member
Activity: 308
Merit: 250


Did the dgex and mint still provide the escrow service?

bter sold nearly 87 BTC.

Wow. Congratulations from my heart.
hero member
Activity: 750
Merit: 511
The "third-party local program" argument is invalid because a malicious third-party local program can read a passphrase input into a web page also.
Input logging requires higher system rights than reading storage.
And sometimes the attacker has remote access to the computer (through VNC or similar), and if you have the page open and the password is stored in the browser, the money is taken away. A similar case has been described by one local forum.
sr. member
Activity: 294
Merit: 250
Bitmark Developer
Use localStorage in the browser, this is a reasonable solution which requires no usage of cookies. The passphrase is stored in the user's local browser.
LocalStorage is a replacement for cookies. It's not safe. You can read the content of localStorage by using a third-party local program or manually using browser tools.
Can you tell exactly how Ripple uses the localStorage?

The point of using localStorage and public key cryptography is to mitigate against MITM and replay attacks, cookie/session jacking, and keep the application stateless.

The "third-party local program" argument is invalid because a malicious third-party local program can read a passphrase input into a web page also.

I think code examples are already open source, or you can just go to the ripple client and look at the code. Many other things use this method too, it is proven.
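
The approach described in this post, signing on the client so the passphrase never reaches the node, as an added Node.js example (not Crypti, NXT or Ripple code). The SHA-256 seed derivation, the transaction fields and the nonce-based replay check are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// PKCS#8 DER header for an Ed25519 private key; the 32-byte seed is appended to it.
const PKCS8_ED25519 = Buffer.from('302e020100300506032b657004220420', 'hex');

// Client: derive the key pair locally. Hashing the passphrase with SHA-256 is an
// assumption to keep the example short; a slow KDF is the better choice.
function keyPairFromPassphrase(passphrase) {
  const seed = nodeCrypto.createHash('sha256').update(passphrase, 'utf8').digest();
  const privateKey = nodeCrypto.createPrivateKey({
    key: Buffer.concat([PKCS8_ED25519, seed]), format: 'der', type: 'pkcs8',
  });
  return { privateKey, publicKey: nodeCrypto.createPublicKey(privateKey) };
}

// Fixed field order so client and node sign and verify exactly the same bytes.
function canonicalBytes(tx) {
  return Buffer.from(JSON.stringify([tx.sender, tx.recipient, tx.amount, tx.fee, tx.nonce]));
}

// Client: only the transaction and its signature leave the machine.
function signTransaction(tx, privateKey) {
  const signature = nodeCrypto.sign(null, canonicalBytes(tx), privateKey).toString('hex');
  return { ...tx, signature };
}

// Node: holds public keys only; remembers (sender, nonce) pairs to reject replays.
function makeVerifier(publicKeys) {
  const seen = new Set();
  return function verify(signedTx) {
    const publicKey = publicKeys.get(signedTx.sender);
    if (!publicKey) return 'unknown sender';
    const sig = Buffer.from(String(signedTx.signature), 'hex');
    if (!nodeCrypto.verify(null, canonicalBytes(signedTx), publicKey, sig)) return 'bad signature';
    const id = `${signedTx.sender}:${signedTx.nonce}`;
    if (seen.has(id)) return 'replay';
    seen.add(id);
    return 'accepted';
  };
}

// Constructed demo values; the account addresses are the ones quoted in the thread.
const demoKeys = keyPairFromPassphrase('constructed demo passphrase');
const demoVerify = makeVerifier(new Map([['15413165176907764021C', demoKeys.publicKey]]));
const demoTx = signTransaction({ sender: '15413165176907764021C',
  recipient: '2896597140253424866C', amount: 100, fee: 0.31640625, nonce: 1 }, demoKeys.privateKey);
console.log(demoVerify(demoTx), demoVerify(demoTx), demoVerify({ ...demoTx, amount: 1000 }));
```

A captured request is of no use to an eavesdropper here: replaying it is rejected, altering it breaks the signature, and it contains no passphrase.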
hero member
Activity: 756
Merit: 502
Well...  there was one person asking already...  I know I would go direct (thus making it 18 buyers to go)...  do you honestly believe it's worth going through all that trouble compensating later?

I believe you should come out with a definitive Yes or No before the pre-sale starts...  if you don't want the community to start becoming wary just say NO and never provide the option...  if you want to assist the people which are interested in such option just say YES.

You have a point indeed.

There will be no direct channel - all buys to be performed via our escrow partners Bter and Maxmint only.
hero member
Activity: 756
Merit: 502
After the release of crypti, developers should buy it with the accumulated funds. In this way, their reward will be connected to the success of the coin. Immediately there will be a safe market capitalization for the coin. New investors will be attracted even after the release of the coin.
Crypti will make success more easily!

It won't be possible, as the raised funds will be controlled by the Foundation, who will spend the funds on development, marketing and promotion. We all prefer to have Crypti reach leading status organically, rather than via manipulations.
legendary
Activity: 1098
Merit: 1000
Angel investor.
What do you mean, what about the raised BTC in bter until now, is there any bonus? I have been following this thread and know it had started from the posts this morning.

30% bonus will be given for all investments raised today and tomorrow.
Will bonus be given as below?

0 BTC = 10%
50 BTC = 9%
100 BTC = 8%
150 BTC = 7%
200 BTC = 6%
250 BTC = 5%
300 BTC = 4%
350 BTC = 3%
400 BTC = 2%
450 BTC = 1%
500 BTC = 0%