You are viewing a single comment's thread from:

RE: Denial of Service Vulnerability Fix

in #steem6 years ago

Hey, @steemitblog.

Thanks for the update. I appreciate the idea of keeping the potential vulnerability of a denial of service attack secret except for a select few, and that now that you have the patch employed, you've let us know about it. I am trying to follow these updates as frequently as they come out, and hope that others will too. So keep them coming. :)

I believe it was on the last blog talking about the splitting of condenser and the wallet that someone else and myself brought up some quirks in the steemitwallet. It does not stay logged in, even though the box to do is checked. In order to claim rewards, the page needs to be refreshed (which is the same), but then requires a new login every time. Is this going to be the case going forward, or is there a fix forthcoming? Or is it perhaps something I'm doing or not doing on my end. Since I've never had trouble before the separation being able to login once and stay that way for periods of time, I'm still wondering what's up.

Thanks for any attention anyone can give in this matter. :)

Sort:  

I believe this will be fixed, but it is much easier to discuss and address UX issues like this if a PR is submitted and shared. Then I can say whether the PR will be approved or not. Also it may well be the case that a PR has already been submitted, in which case we can skip the discussion and move straight to the meat, "Will this get merged." The goal is to fix all UX issues so that it is a seamless experience, so any poor UX should be resolved.

Hey, @andrarchy

I think I'm looking at the PR list on steemit/steem's github now. I don't see anything. The most recent thing has to do with the Steem Proposal System (worker proposals via blocktrades), and some median feed update from 29 days ago.

Can anyone submit a pull request? I wouldn't know where to begin. I'm sure there's more technical terms for "stay logged in check box when checked doesn't stay logged in." :) I'm willing to learn, though, I'd just need to be pointed in the direction of some tutorials or something.

Are you using your active key to sign in to steemitwallet.com? The active key is not cached because that would put them at risk re: hacking. If you are using your posting key to sign into steemitwallet, this should not be happening. Also if you sign in with your master password this should not be happening because that is used to derive your posting key which would then be cached.

So if you're using your active key then this is the desired behavior, but if not, let me know as that would be a bug.

hey, @andrarchy.

I guess I was using the Active key, which is odd, since I thought I'd changed it to the posting key. However, I just did make the change, and it seems to be doing what I would like it to do, so thanks for the IT help. :)