No description provided.
Add a sentence explaining a risk with unsecure money receivers. #581
pull alokmenghrajani wants to merge 2 commits into bitcoin:master from alokmenghrajani:alok/bip32 changing 1 files +3 −1-
alokmenghrajani commented at 7:57 PM on August 24, 2017: none
-
Add a sentence explaining a risk with unsecure money receivers. 995b8154f9
-
nit: consistent use of written numbers. 4cbf507520
-
-
schildbach commented at 8:33 PM on August 24, 2017: contributor
Actually three Java impls exist: bitcoinj is missing.
-
alokmenghrajani commented at 11:52 PM on August 25, 2017: none
re: bitcoinj, I (or anyone else) can add that in another PR.
- luke-jr added the label Proposed BIP modification on Sep 16, 2017
-
alokmenghrajani commented at 7:36 PM on December 15, 2017: none
friendly ping
-
nym-zone commented at 8:10 AM on January 8, 2018: contributor
NACK:
+Obviously, if someone illegally obtains access to the webserver, they can steal money by diverting future transactions to their own address.
Too obviously! Obviously also, in this scenario, the intruder could steal credit card info, reduce the prices of all products to zero, insert Javascript malware into every page, replace the homepage with an offensive “shock” image, or
rm -rf /the whole server.Sadly, the BIP 32 standard omits specification of magical means to stop the hax0r who pwned your server from replacing your Bitcoin addresses with his Bitcoin addresses.
NOTABUG.So, yes, an intruder who takes control of a server can control the server and its outputs. This is not a BIP 32-specific or Bitcoin-specific issue. To explain such an elementary general fact in the standard would make the standard look dumb, and insult the intelligence of the reader.
- alokmenghrajani closed this on Apr 1, 2020
- alokmenghrajani deleted the branch on Apr 1, 2020
Contributors