kevinsmith on Nostr: For the time being though, just use damus and don’t share with a web app. Never ...
For the time being though, just use damus and don’t share with a web app. Never safe to put your private key directly into a web app. Impossible for them to protect it. If the app can see it, a XSS attacker can see it.
Published at
2022-12-21 02:44:24Event JSON
{
"id": "b71e231d6df875855cd6c0582b442c3ccdd6690cc8d5a7c8f3dc1ef464eafa82",
"pubkey": "294df6e30a5bbf111ea0fc23dcb522a08e0b8c96dc34d50ef120e43bc6084ecc",
"created_at": 1671590664,
"kind": 1,
"tags": [
[
"e",
"1f62dd1ce71930b800ce250a70fd3678c5869cca3336bbb9b0a2bb857a60d8a0"
],
[
"e",
"f5769382c070ec58d9790020fb4a2d29e56413cb5301691fdb0b81b282dd0d82"
],
[
"p",
"9579444852221038dcba34512257b66a1c6e5bdb4339b6794826d4024b3e4ce9"
]
],
"content": "For the time being though, just use damus and don’t share with a web app. Never safe to put your private key directly into a web app. Impossible for them to protect it. If the app can see it, a XSS attacker can see it.",
"sig": "fa73fabc18dd9e6fbdd8bbe957d3c0e5e370b8ad5654bab3fdba97628aebfaa0f75675ec8f9c301d5b59893019dcd926e45ba919e85007474378f95de08adcdd"
}
