You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Hypothetically, an advanced XSS attack or malware could attempt to auto-approve a Beet prompt before the user has a chance to reject it.
Describe the solution you'd like
Possibly implement an optional offline captcha to a prompt, once solved the approve prompt button is re-enabled and the ipcrenderer/ipcmain pipeline checks for a solved captcha before broadcast.
Alternatively add a timer countdown till prompt approval button enables (and before ipcmain handler activates), allowing the user time to parse the prompt and reject it if uninterested.
Investigate support for hardware tokens like yubikey, so a hardware token would need to be plugged in before prompts can be approved (and validated in the ipcmain handler).
Additional context
If the user has malware on their computer, it's not out of the question that it could handle optical character recognition to tackle captchas.
Would need to figure out where to add the optional feature trigger, possibly during wallet creation or account addition to a wallet, as well as the settings page?
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
Hypothetically, an advanced XSS attack or malware could attempt to auto-approve a Beet prompt before the user has a chance to reject it.
Describe the solution you'd like
Possibly implement an optional offline captcha to a prompt, once solved the approve prompt button is re-enabled and the ipcrenderer/ipcmain pipeline checks for a solved captcha before broadcast.
Describe alternatives you've considered
Reduce XSS risk: #261
Alternatively add a timer countdown till prompt approval button enables (and before ipcmain handler activates), allowing the user time to parse the prompt and reject it if uninterested.
Investigate support for hardware tokens like yubikey, so a hardware token would need to be plugged in before prompts can be approved (and validated in the ipcmain handler).
Additional context
If the user has malware on their computer, it's not out of the question that it could handle optical character recognition to tackle captchas.
Would need to figure out where to add the optional feature trigger, possibly during wallet creation or account addition to a wallet, as well as the settings page?
The text was updated successfully, but these errors were encountered: