
RE: Hive Authentication Services - Developer guide - part 1

in HiveDevs, 3 years ago

Hi again! I have been following the HAS topic presented by you, and with each new post I understand more and more, but I still have a hole in my knowledge. Could you share some online publications about out-of-band data? Maybe it would be good to add some references about the security topics mentioned here, to make the post more reliable.
Also, I have a question about malicious applications which send requests for approval on behalf of other applications: how does the HAS protocol prevent such an attack?


Could you share some online publications about out-of-band data?

Yes, more posts about it and how security is managed are coming... 😅

how does the HAS protocol prevent such an attack?

That will be addressed in the coming posts too.
TL;DR: an auth_req sent by a malicious app to HAS will expire and be ignored if the user's PKSA is not running. If the PKSA is running, it should ignore such requests if it did not retrieve a matching off-band auth_req_payload beforehand.
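Added example (not code from the HAS project or from either commenter): a small Python model of the PKSA-side rule described in the reply above, where a relayed auth_req is only shown to the user if it is unexpired and matches an auth_req_payload the user obtained out-of-band. The field names uuid, account, expire and the payload key app are assumptions; the real HAS message format is not shown on this page.

```python
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class AuthReq:
    """Authentication request relayed by HAS (field names are assumptions)."""
    uuid: str
    account: str
    expire: float  # unix timestamp after which the request is ignored


@dataclass
class Pksa:
    """Minimal model of the PKSA decision: expiry check, then off-band match."""
    # auth_req_payload data the user obtained out-of-band (e.g. from the app
    # directly rather than via HAS), keyed by the uuid of the request it belongs to.
    offband_payloads: Dict[str, dict] = field(default_factory=dict)

    def register_offband_payload(self, uuid: str, payload: dict) -> None:
        self.offband_payloads[uuid] = payload

    def handle_auth_req(self, req: AuthReq, now: Optional[float] = None) -> Tuple[bool, str]:
        """Return (accepted, reason). A request from an app the user never
        interacted with out-of-band has no matching payload and is dropped."""
        now = time.time() if now is None else now
        if req.expire <= now:
            return False, "expired"
        # One-shot match: consuming the payload also blocks a replay of the same uuid.
        payload = self.offband_payloads.pop(req.uuid, None)
        if payload is None:
            return False, "no matching off-band auth_req_payload"
        return True, f"prompt user to approve {payload['app']} for @{req.account}"


def drain_backlog(pksa: Pksa, backlog: List[AuthReq], now: float) -> List[Tuple[str, bool, str]]:
    """Requests that piled up while the PKSA was offline are evaluated on start-up;
    anything past its expiry is ignored regardless of where it came from."""
    return [(r.uuid, *pksa.handle_auth_req(r, now)) for r in backlog]
```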