create account

RE: Denial of Service Vulnerability Fix by glenalbrethsen

View this thread on: hive.blogpeakd.comecency.com

Viewing a response to: @steemitblog/denial-of-service-vulnerability-fix

steem · @glenalbrethsen · 
Hey, @steemitblog.

Thanks for the update. I appreciate the idea of keeping the potential vulnerability of a denial of service attack secret except for a select few, and that now that you have the patch employed, you've let us know about it. I am trying to follow these updates as frequently as they come out, and hope that others will too. So keep them coming. :)

I believe it was on the last blog talking about the splitting of condenser and the wallet that someone else and myself brought up some quirks in the steemitwallet. It does not stay logged in, even though the box to do is checked. In order to claim rewards, the page needs to be refreshed (which is the same), but then requires a new login every time. Is this going to be the case going forward, or is there a fix forthcoming? Or is it perhaps something I'm doing or not doing on my end. Since I've never had trouble before the separation being able to login once and stay that way for periods of time, I'm still wondering what's up.

Thanks for any attention anyone can give in this matter. :)
👍  ,
properties (23)
authorglenalbrethsen
permlinkre-steemitblog-denial-of-service-vulnerability-fix-20190417t025941756z
categorysteem
json_metadata{"tags":["steem"],"users":["steemitblog"],"app":"steemit/0.1"}
created2019-04-17 02:59:42
last_update2019-04-17 02:59:42
depth1
children4
last_payout2019-04-24 02:59:42
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length1,059
author_reputation123,853,032,378,097
root_title"Denial of Service Vulnerability Fix"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id83,235,644
net_rshares24,520,669,539
author_curate_reward""
vote details (2)
@andrarchy ·
$0.03
I believe this will be fixed, but it is much easier to discuss and address UX issues like this if a PR is submitted and shared. Then I can say whether the PR will be approved or not. Also it may well be the case that a PR has already been submitted, in which case we can skip the discussion and move straight to the meat, "Will this get merged." The goal is to fix all UX issues so that it is a seamless experience, so any poor UX should be resolved.
👍  
properties (23)
authorandrarchy
permlinkre-glenalbrethsen-re-steemitblog-denial-of-service-vulnerability-fix-20190417t175626951z
categorysteem
json_metadata{"tags":["steem"],"app":"steemit/0.1"}
created2019-04-17 17:56:27
last_update2019-04-17 17:56:27
depth2
children3
last_payout2019-04-24 17:56:27
cashout_time1969-12-31 23:59:59
total_payout_value0.020 HBD
curator_payout_value0.006 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length450
author_reputation230,168,201,522,782
root_title"Denial of Service Vulnerability Fix"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id83,272,522
net_rshares45,580,768,460
author_curate_reward""
vote details (1)
@glenalbrethsen · 
Hey, @andrarchy

I think I'm looking at the PR list on steemit/steem's github now. I don't see anything. The most recent thing has to do with the Steem Proposal System (worker proposals via blocktrades), and some median feed update from 29 days ago.

Can anyone submit a pull request? I wouldn't know where to begin. I'm sure there's more technical terms for "stay logged in check box when checked doesn't stay logged in." :) I'm willing to learn, though, I'd just need to be pointed in the direction of some tutorials or something.
properties (22)
authorglenalbrethsen
permlinkre-andrarchy-re-glenalbrethsen-re-steemitblog-denial-of-service-vulnerability-fix-20190417t203642373z
categorysteem
json_metadata{"tags":["steem"],"users":["andrarchy"],"app":"steemit/0.1"}
created2019-04-17 20:36:42
last_update2019-04-17 20:36:42
depth3
children2
last_payout2019-04-24 20:36:42
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length532
author_reputation123,853,032,378,097
root_title"Denial of Service Vulnerability Fix"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id83,279,090
net_rshares0
@andrarchy ·
$0.02
Are you using your active key to sign in to steemitwallet.com? The active key is not cached because that would put them at risk re: hacking. If you are using your posting key to sign into steemitwallet, this should not be happening. Also if you sign in with your master password this should not be happening because that is used to derive your posting key which would then be cached.

So if you're using your active key then this is the desired behavior, but if not, let me know as that would be a bug.
👍  
properties (23)
authorandrarchy
permlinkre-glenalbrethsen-re-andrarchy-re-glenalbrethsen-re-steemitblog-denial-of-service-vulnerability-fix-20190417t213725709z
categorysteem
json_metadata{"tags":["steem"],"app":"steemit/0.1"}
created2019-04-17 21:37:24
last_update2019-04-17 21:37:24
depth4
children1
last_payout2019-04-24 21:37:24
cashout_time1969-12-31 23:59:59
total_payout_value0.018 HBD
curator_payout_value0.005 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length502
author_reputation230,168,201,522,782
root_title"Denial of Service Vulnerability Fix"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id83,281,442
net_rshares43,957,178,447
author_curate_reward""
vote details (1)
Help/Feedback