Bitcoin Forum

Economy => Services => Topic started by: dragons_are_secure on October 14, 2017, 12:18:07 AM



Title: Oauth2 // API : security issues
Post by: dragons_are_secure on October 14, 2017, 12:18:07 AM
We are evaluating security risks for our new bitcoin network.  My sense is that the API calls are a real weak point.  I don't see alternatives to OAuth2 and/or API keys.

  Have others evaluated the relative risks for different protocols?  I'm curious if it makes sense to be more imaginative in our API security or whether there are other API security approaches that have been considered in the community.

  I'm looking over places like:
https://developers.coinbase.com/api/v2
https://www.luno.com/en/api
https://spectrocoin.com/en/integration/spectrocoin.html#/introduction/overview

 In searching the bitcointalk archives, there doesn't seem to have been an extensive discussion of this issue.  Is there a reason not to look more carefully at the entrance/exit of information from the network?


Title: Re: Oauth2 // API : security issues
Post by: achow101 on October 14, 2017, 01:12:31 AM
Those APIs are not Bitcoin's APIs but rather specific service APIs. This is a problem for services and something for them to deal with, not the Bitcoin network.


Title: Re: Oauth2 // API : security issues
Post by: Willful_Grok on October 14, 2017, 01:40:03 AM
This is a very pertinent question and I'd like to know more as well. I haven't had any luck finding information on it anywhere within the forum.  Security is becoming more of a recognized concern within blockchain.