
Whilst this undeniably is a huge security flaw, I do feel like it is advancements like this which will ultimately help introduce Steemit to the masses (and I think we should appreciate Steve's efforts in this regard, too!). It would naturally have been ideal to not have this exploit in the first place, but getting it tested very early on is much better than to have a disaster brewing behind the scenes. It moreover sounds like @roelandp did the right thing and informed affected clients immediately without abusing anything; damage seems very contained.

I think you are totally right.

However, with advancements like these... certain responsibilities come.
Since @steve-walschot is a "EU top 25 security auditor" I can't help but feel a bit that after having worked for 'countless hours' he could have at least given it his expertise test since being a top 25 security auditor... Especially since the Woo Plugin was already "almost done" 1 week ago. Let alone that if you have "perfect knowledge" in about 20 code languages "without the help of the almighty Google" you would also have the knowledge to structure your code in a way that this is not possible.

It's just that this product has to deal with payments, and this stuff is indeed essential for Steem's success, so it must be done really thoroughly...

Imagine that if I had a black hat, I could now have sold all these digital goods somewhere else with serious implications for @fyrstikken.

Yeah @roelandp, I am eternally grateful that you were my first and only customer today. This could have gone really bad.

I completely agree, this is better to be found sooner than later. But the simplicity of this exploit versus Steve's self-proclaimed top 25 EU security expert puts it in an extreme contrast. Just saying. It's like saying you are the best hockey player from Canada and then forgetting your hockey stick on match day.

"It's like saying you are the best hockey player from Canada and then forgetting your hockey stick on match day."

rofl. This is golden.

Never show up without your stick is one of the first things us Canadians learn out of the womb, eh?