Very good work @yabapmatt.
One question. Many people will try to make scams. How to know that the iframe corresponds with the real steemconnect?Because when I use steemconnect I always look the in the address bar if the link is correct.
Again very good work
This is a really good question that I didn't consider! I don't have an answer other than inspecting the page source which i know is not very user-friendly. Would love to hear some ideas on this from other developers, I hope there's a way we can have integrated payments in this manner but still be able to confirm the identity of the embedded transfer page.
Yes you are right, looking the page source. Another method could be looking the autocomplete function. If the iframe is legitime then our browser will show us our user and the saved password, if it is a scam we will not see anything and it will ask us to write everything.
A good password manager should help. I use Lastpass and I have to trust that it won't give a password to the wrong site. It's a serious risk when money is involved
Good point. Scammers could put an iframe that resembles steemconnect to catch users passwords ... There is no way around this, other than doing your transactions manually, which is simply the best safety practice you can do when it comes to cryptocoins. That's why I think this project is not such a good idea. However, I do trust busy.org, for instance, even though it could be compromised and my posting key could get stolen.