Bitcoin Forum

Bitcoin => Project Development => Topic started by: cryptokangaroo on November 04, 2018, 07:14:35 PM



Title: blockchain security question
Post by: cryptokangaroo on November 04, 2018, 07:14:35 PM
Assume that you have a prefectly secure blockchain to work on that acts as part of a website's backend - how feasible is it to create a front end that interacts with the blockchain that does create a security flaw? Is it possible? Could any developer do it or would one have to pay a lot of money for a security specialist to do it?


Title: Re: blockchain security question
Post by: bob123 on November 05, 2018, 10:35:37 AM
1. Nothing is 'perfectly secure' period.

2. A front-end should NEVER create security flaws. When interacting with a 'blockchain backend', anyone can create their own 'front end'.
Anyone can decide for himself when and how to communicate with the network. 'A frontend' is never the only access to the 'blockchain backend'.

3. In your scenario everyone should(!) be able to create a front-end. But anything has to be built with security in mind, or you will(!) have bugs/vulnerabilities.


Title: Re: blockchain security question
Post by: NeuroticFish on November 05, 2018, 12:57:33 PM
Assume that you have a prefectly secure blockchain to work on that acts as part of a website's backend - how feasible is it to create a front end that interacts with the blockchain that does create a security flaw? Is it possible? Could any developer do it or would one have to pay a lot of money for a security specialist to do it?

It also depends on what you mean by security flaw.
Let me give an example from Bitcoin. The blockchain is secure, it's backed by a good software, a good number of nodes and miners. But if you put transfer some money at a certain wallet and give the private key freely on the internet, somebody will steal your money.
Is blockchain less secure? No. The thieve's transaction is as secure and valid as your previous transaction. Was your wallet insecure? Yep.

So it depends what the front end actually does, how it works with the blockchain and how bad is it coded. I guess that probably the flaw has more chances to occur in "authenticating" over the blochchain than a security flaw in the blockchain itself. (Of course, without a big/expensive enough hash rate, no blockchain is 100% safe.)