The private keys are needed for SteemConnect to grant another account permissions. The private posting is not enough to grant permissions to another account. busy.org also uses SteemConnect. SteemConnect is maintained by busy.org and the Steem Dev Team. If you trust busy and the Steem Dev Team, you can trust dMania.
You are viewing a single comment's thread from:
So, this means we have to use the "Posting Key", "Active Key" or, I doubt it, the famous and ultimate one that rules them all, the Owner Key"???
Thanks a lot for sharing your knowledge, it is much appreciated from this end. Namaste :)
Yet, with busy.org, I can log in with my posting key. Why do we have to use owner or master keys for DMania?
I have noticed this on a number of other projects claiming that SteemConnect only allows for owner or master key logins. Therefore, something doesn't add up.
Some of these projects are very interesting, but I will not use any of these services that require login with owner or master keys. It is insecure.
Remember, that is the whole point of blockchain and crypto space, to be trustless. We should not have to trust your service that it is not storing or using our owner or master keys.
So if Busy.org can do it with the posting key, why can't DMania?
On the current version of busy.org you can do that because they use SteemConnect V1. The new version of busy that is currently in beta also uses SteemConnect V2 and you will have to use your master, owner or active key too.
I contacted @fabien, one of the creators of busy about the key issue and he said it isn't possible to use SteemConnectV2 with your private posting key.
I can understand that some users are uncomfortable about using their keys on other sites than Steemit. It will get better when SteemConnectV2 is better known.
Actually you already trust Steemit with your keys. You don't have to trust my website, you only have to trust SteemConnect. You will be redirected to SteemConnect and you will never enter a private key on dMania. Like I said, SteemConnect is maintained by the Steem Dev Team themselves.
The difference is, Steemit is built by the same people who built the blockchain that my keys access.
OK, thank you for the technical clarification there, Busy.org still seems to using SteemConnect V1, but your project and others are using V2.
There needs to some clarification from the SteemConnect dev team why they have done this. I guess there is info somewhere?
There is only the official announcement of SteemConnectV2:
https://steemit.com/steemit/@steemitblog/steemconnect-2-0-easy-fast-efficient-access-to-the-steem-blockchain
SteemConnectV1 stored your private key in your cookies and sent them back and forth. That was definitely not a good solution.
With SteemConnectV2 you grant permission to other apps. For that you need your master, owner or active key. In my opinion it should be possible to grant posting permission with the posting key, but the Steem dev team decided that it shouldn't be. Maybe they will change that in some hard fork.
Great, it seems we are on the same page then. Perhaps it going to take some community "campaigning" to see such a change happen.
ahhhh well cant we make it so dmania just uses posting keyagain? I do trist steemconnect with alll my heart lol but inteh future ifi tfalls into the wrong hands... you know the rest
we should be keeping tabs on thius situation.... i forgot that i even used my owner key on steemconnect... we shouldnt have to ever use our owner ley on anythingman wtf,.. we should only ever haveto use our active key... his make sme very upset... why would steemconnect ever haveto change our password??????????? because thats all you would ever need the owner key for!!!!!
maaaaan this upsets me
i dont wanna haveto trust steemconnect ..... but i do
OK @zombee u deserve all the money u make man! you shoudl check THIS out bro
https://themerkle.com/mdk-entertainment-community-will-tokenize-memes-in-a-new-blockchain-project/
New token to monetize memes!
get one stepo ahead of this and involve urself with thisnew prohect just in case :D
great one work..
non ci pa organivroi pour laccepter