It is true that you could technically make the commando permissions more limited... but since the point of the extension is generally to make payments, it’s a bit logical that this could be used to “drain funds from the node”.
https://github.com/getAlby/lightning-browser-extension/blob/master/src/extension/background-script/connectors/commando.ts#L84 - here is everything that you can do theoretically with the extension, so you can add restrictions for what you want to do if you want.
You can also make the rune expire after some time.
We hope that helps!
Alby
npub1ge…80nfm
2023-08-21 13:23:34
in reply to nevent1q…jcl6
Author Public Key
npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfmPublished at
2023-08-21 13:23:34Event JSON
{
"id": "bbf405b282ae4f900d88756d973b9163ace409ec2025d0c0998de2f4cd35ef45",
"pubkey": "4657dfe8965be8980a93072bcfb5e59a65124406db0f819215ee78ba47934b3e",
"created_at": 1692624214,
"kind": 1,
"tags": [
[
"e",
"89357e5e4e991bef11111c9bbd6a9359ec7b95aa1083f89e43d7f97af79a1805",
"",
"reply"
],
[
"p",
"7bf7db83f73228f5df6ba34849f2af9fd54bf565b5ad698ac708249b310079a0"
]
],
"content": "It is true that you could technically make the commando permissions more limited... but since the point of the extension is generally to make payments, it’s a bit logical that this could be used to “drain funds from the node”.\n\n\nhttps://github.com/getAlby/lightning-browser-extension/blob/master/src/extension/background-script/connectors/commando.ts#L84 - here is everything that you can do theoretically with the extension, so you can add restrictions for what you want to do if you want. \n\nYou can also make the rune expire after some time.\n\nWe hope that helps!",
"sig": "e9b958f13d2864321c9637efc37dfc9ee667c36055d1ba2d992f7e5342cd812cff9fc72aba41775c132ea836ddf150c1031838d530ebae8f3464ecd3f05e2429"
}