Why didn't you create a special account like "@crossposter.app" and add it as posting authority of the account, to avoid any storage of the user's private key?
Well, this is a lot of work; this is why we asked for support on witness chat.
Is there a possibility to add posting authority from one account to another to post on someone's blog? Can you tell more about how to do that? I don't know if fervi knows that or not, but I'm curious :D
Private keys are stored in PostgreSQL, from what I know.
And how are the keys encrypted? Is the server secure? The number of Hive/Steem accounts hacked because a dApp admin had his server hacked and his database dumped is several tens of thousands!
No, it's not a lot of work! It's one account_update operation in the blockchain at the first login, that's it! You add an account like @crossposter.app as posting authority and you just have to use the private posting key of @crossposter.app to sign any posting operation of the user. It means you have just one key to secure in an encrypted environment file of the dApp (that's how Peakd, Ecency, etc. work). And any user can revoke @crossposter.app as posting authority of their account by the same account_update operation.
I am aware of security. You may be able to help implement this solution.
Personally I preferred steemconnect etc. but unfortunately there are no such solutions on Blurt.
I mean that the whole project is a lot of work. Beyond YT, we are also planning support for WordPress and other social media platforms.
Support about how things can be achieved more securely and better, like you do now, is really helpful.
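
The delegated posting authority discussed in this thread, as an added example (not written by any commenter and not the dApp's code): it builds the account_update payload that grants or revokes @crossposter.app on a user's posting authority, so the dApp never stores a user key. It assumes the Hive/Steem-style authority layout and that Blurt uses the same shape; the account "alice", the app "otherapp" and the key strings are constructed placeholders.

```python
import copy

# Constructed sample of the account fields account_update needs.
# The key strings are placeholders, not real public keys.
SAMPLE_ACCOUNT = {
    "name": "alice",
    "memo_key": "PLACEHOLDER_MEMO_PUBLIC_KEY",
    "json_metadata": "",
    "posting": {
        "weight_threshold": 1,
        "account_auths": [["otherapp", 1]],
        "key_auths": [["PLACEHOLDER_POSTING_PUBLIC_KEY", 1]],
    },
}

def _account_update(account, posting):
    # Only "posting" is sent, so owner and active authorities stay untouched.
    # The user signs this operation once, client-side, with their own key.
    return ["account_update", {
        "account": account["name"],
        "posting": posting,
        "memo_key": account["memo_key"],
        "json_metadata": account["json_metadata"],
    }]

def grant_posting(account, app, weight=1):
    posting = copy.deepcopy(account["posting"])
    if weight < posting["weight_threshold"]:
        raise ValueError("weight below threshold: app could not sign alone")
    auths = {name: w for name, w in posting["account_auths"]}
    auths[app] = weight  # existing delegations and key_auths are preserved
    # Keep entries sorted by account name, as the chain serializes them.
    posting["account_auths"] = sorted([n, w] for n, w in auths.items())
    return _account_update(account, posting)

def revoke_posting(account, app):
    posting = copy.deepcopy(account["posting"])
    kept = [[n, w] for n, w in posting["account_auths"] if n != app]
    if len(kept) == len(posting["account_auths"]):
        raise ValueError(f"{app} holds no posting authority on this account")
    posting["account_auths"] = kept
    return _account_update(account, posting)
```

The returned list is only the unsigned operation; signing and broadcasting are left to the user's wallet so the server sees no user key.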