Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: buffett on December 15, 2013, 02:20:12 PM



Title: Blockchain Wallet API: Generating New Address and Second Password
Post by: buffett on December 15, 2013, 02:20:12 PM
Hi,

I do not know if this is the right forum, but I submitted here anyway...

I'm developing a web application integrated with the Blockchain wallet API. The application needs to generate a new address automatically for each order. Your wallet API offers creating new addresses (which is great), but the problem is it requires the second password to proceed. It means developers need to write the second password in their script, which I think is not a very wise decision. The second password should only be needed for transactional (sending BTC out of the wallet) and account management actions (changing email/password). Generating new addresses is surely not one of them. Hackers can do no harm by generating new addresses. The most important thing is that the wallet balance is safe when the main password is compromised. Forcing applications to send the second password to generate a new address increases the chance for hackers to find the second password and gain full control of the wallet.

Please consider removing the second password for generating new addresses. Most ecommerce applications need to generate addresses automatically without risking that their second password will be stolen by a hacker when their server is compromised. The second password should be held safely by the wallet's owner and only be needed when making outgoing transfers.

Thanks.


Title: Re: Blockchain Wallet API: Generating New Address and Second Password
Post by: microlavka on December 15, 2013, 03:50:55 PM
No password required


Title: Re: Blockchain Wallet API: Generating New Address and Second Password
Post by: buffett on December 15, 2013, 04:34:56 PM
Quote from: microlavka on December 15, 2013, 03:50:55 PM
No password required

I'm pretty sure a password is required.

Code:
curl "https://blockchain.info/merchant/{identifier}/new_address?password={mypassword}&label=test"
{"error":"Second Password Incorrect"}

Maybe you've mistaken it for the Blockchain Receive Payments API, which can be used without an account. What I'm referring to is the Blockchain Wallet API.


Title: Re: Blockchain Wallet API: Generating New Address and Second Password
Post by: piuk on December 19, 2013, 11:44:54 PM
Unfortunately this isn't possible with our current setup. The newly generated address needs to be encrypted with the second password before it can be inserted into the wallet. It would be possible to leave the key unencrypted and encrypt it on next login but that feature is not available at the moment.


Title: Re: Blockchain Wallet API: Generating New Address and Second Password
Post by: sampathneo on December 22, 2013, 05:34:27 AM
Quote from: microlavka on December 15, 2013, 03:50:55 PM
No password required

Yes, of course, no password is required to create a new receiving address.


Title: Re: Blockchain Wallet API: Generating New Address and Second Password
Post by: sampathneo on December 22, 2013, 05:35:39 AM
Here are the official API docs; you should read them: https://blockchain.info/api/api_receive


Title: Re: Blockchain Wallet API: Generating New Address and Second Password
Post by: Abdussamad on December 22, 2013, 07:56:09 AM
Quote from: buffett on December 15, 2013, 02:20:12 PM
Hi,

I do not know if this is the right forum, but I submitted here anyway...

I'm developing a web application integrated with the Blockchain wallet API. The application needs to generate a new address automatically for each order. Your wallet API offers creating new addresses (which is great), but the problem is it requires the second password to proceed. It means developers need to write the second password in their script, which I think is not a very wise decision. The second password should only be needed for transactional (sending BTC out of the wallet) and account management actions (changing email/password). Generating new addresses is surely not one of them. Hackers can do no harm by generating new addresses. The most important thing is that the wallet balance is safe when the main password is compromised. Forcing applications to send the second password to generate a new address increases the chance for hackers to find the second password and gain full control of the wallet.

Please consider removing the second password for generating new addresses. Most ecommerce applications need to generate addresses automatically without risking that their second password will be stolen by a hacker when their server is compromised. The second password should be held safely by the wallet's owner and only be needed when making outgoing transfers.

Thanks.

If you are worried about security, look into generating addresses using Electrum MPK. Your private keys will never touch the web server and it'll be much more secure than relying on a third party. There are a few implementations that you can refer to:

https://github.com/prusnak/addrgen

http://wordpress.org/plugins/bitcoin-payments-for-woocommerce/