Can you comment on the security implications of authorizing @steemautomated to use one's posting role? What's the worst that could happen and are there steps in place to limit attacks?
You are viewing a single comment's thread from:
Can you comment on the security implications of authorizing @steemautomated to use one's posting role? What's the worst that could happen and are there steps in place to limit attacks?
Of course, good question.
The worst thing that can happen is that somebody gains access to all the stored access token that are generated by Steemconnect. In that case the attacker would be able to vote for all the authorised accounts.
When that happens all tokens can be revoked via: https://v2.steemconnect.com/dashboard both the users themselves and I can do that.
The database has been properly secured, and I am building something that will alert me via a text when there is suspicious behaviour.