sorry I should have written "replay" attacks
this is a security consideration, because you can impersonate another users or drain their credits, without their consent
actually this also is a security consideration for nostr, but folks havent realised it yet, but they will
so im glad blossom and nip-98 are different, and im very glad you are trying stuff, and have made a system that works, kudos
but careful not to be too dissmissive of security issues, as most in nostr are today
lets say i have a balance nostr.build and and on nostr.cat and i upload a large video to one for 100sats, that request could be replayed on my other account and cost me 100sats without my wishes
melvincarvalho / Melvin Carvalho
npub1me…t5c24
2024-08-27 11:19:54
in reply to nevent1q…at76
Author Public Key
npub1melv683fw6n2mvhl5h6dhqd8mqfv3wmxnz4qph83ua4dk4006ezsrt5c24Published at
2024-08-27 11:19:54Event JSON
{
"id": "e7fe0cfb268c8ce17429ed5fefcc79aaa7aa350694cd14e8e777380d5471329d",
"pubkey": "de7ecd1e2976a6adb2ffa5f4db81a7d812c8bb6698aa00dcf1e76adb55efd645",
"created_at": 1724757594,
"kind": 1,
"tags": [
[
"e",
"0b19b8295a3efbf8be8c0a70be1b4882e91a338291dfb88aee63ddeb1ce001e2",
"wss://a.nos.lol",
"root"
],
[
"e",
"4b9cecd168aea0bfedb206e27d4d53aa661da98a496d234025974226a89fdf28",
"wss://a.nos.lol",
"reply"
],
[
"p",
"de7ecd1e2976a6adb2ffa5f4db81a7d812c8bb6698aa00dcf1e76adb55efd645",
"",
"mention"
],
[
"p",
"266815e0c9210dfa324c6cba3573b14bee49da4209a9456f9484e5106cd408a5"
]
],
"content": "sorry I should have written \"replay\" attacks\n\nthis is a security consideration, because you can impersonate another users or drain their credits, without their consent\n\nactually this also is a security consideration for nostr, but folks havent realised it yet, but they will\n\nso im glad blossom and nip-98 are different, and im very glad you are trying stuff, and have made a system that works, kudos\n\nbut careful not to be too dissmissive of security issues, as most in nostr are today\n\nlets say i have a balance nostr.build and and on nostr.cat and i upload a large video to one for 100sats, that request could be replayed on my other account and cost me 100sats without my wishes",
"sig": "8092ed9bfdf0d59daf7d375ff4293f270ee578e1d6f5470de64d6cfb1fa23022c095dbeccb2722bec4bd5461ec170ee3363811d90dc5ca2ea4c90ebff3b74575"
}