jim667
Newbie
 Offline
Activity: 37
Merit: 0
|
 |
April 20, 2013, 03:38:24 PM
Last edit: April 20, 2013, 03:54:18 PM by jim667 |
|
TradeFortress, any plans to add HTTPS? Now the passwords can be easily sniffed (or am I wrong?), not exactly the best solution for something that deals with coins  Google authenticator explicitly relies on a separate device to generate codes meaning I cannot use the same pc, right? This is a problem for anonymity lovers, like me. Basically, I cannot use the site now. |
|
|
|
|
🏰 TradeFortress 🏰 (OP)
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
April 20, 2013, 04:07:40 PM |
|
Yes, Google Authenticator requires the app on a phone (there's also an unofficial windows version, but that's not really recommended cause it kinda defeats the point). But, I just implemented client hashing via JavaScript. So your password is not sent in plaintext over HTTP, it is hashed on the client & on the server, and again on the server with a salt. Currently, an attacker could submit the same hash if they sniffed the packet (but won't know the plaintext), but I will be working on time specific salts on the client later. If you are having login issues, please try a "hard refresh" (hold down refresh button on Chrome and select the option, Ctrl+F5 on Firefox). |
|
|
|
|
|
001sonkit
|
|
April 20, 2013, 04:21:52 PM |
|
Happy to see more improvements going on as it is holding all my hot wallet $$. Thinking if i should move the cold coins to your site in future. Keep working and building trust.
|
GEMINI ACCOUNT REVIEW - Source of Funds Request
|
|
|
|
001sonkit
|
|
April 20, 2013, 04:30:44 PM |
|
By the way, as account transaction getting more, i think we need a page dedicated for a full list of that, with those TX id and such things, not only desc
Tested 2FA, just suggestion, add a "success" response on the enableing. Just have ppl know that enabled it without ppl like me clicking a thousand time and realized at the next login
|
GEMINI ACCOUNT REVIEW - Source of Funds Request
|
|
|
|
001sonkit
|
|
April 20, 2013, 04:39:31 PM |
|
Sounds like a newbies to me, do more research bro
|
GEMINI ACCOUNT REVIEW - Source of Funds Request
|
|
|
takagari
Legendary
Offline
Activity: 1050
Merit: 1000
|
|
April 20, 2013, 05:22:09 PM |
|
like a buncha children lol. I've signed up send in proof of ID and a Bill, Sadly I live on a farm and have nothing really which show's my address bill wise aside from my ID which has the actual location, the bill with my Box Number I think I'll drop a few coins to see how the interested work's, Look forward to it EDIT: My pay stubs come in as a pdf, you only allow image upload. Would a screen grab work? |
|
|
|
|
|
Birdy
|
|
April 20, 2013, 05:30:41 PM |
|
You don't need to upload any proofs, if you want the interest. Only, if you want to borrow. ôo
|
|
|
|
|
|
001sonkit
|
|
April 20, 2013, 05:32:32 PM |
|
just like BTCJAM, but you are lending to a proxy instead of a direct lending, thou both can f you up. BUt with the rep of TF, i guess the risk is smaller
|
GEMINI ACCOUNT REVIEW - Source of Funds Request
|
|
|
takagari
Legendary
Offline
Activity: 1050
Merit: 1000
|
|
April 20, 2013, 05:54:16 PM
Last edit: April 20, 2013, 06:36:25 PM by takagari |
|
I'm aware of that, but you never know, may as well get it over with.
|
|
|
|
|
|
001sonkit
|
|
April 20, 2013, 05:55:52 PM |
|
Just being curious, why would you generate a new address for every deposit? Instead of just 1 per account?
I use getaccountaddress, which "returns a new address whenever the old address has a non-zero balance. This is intentional" (for anonymity purposes). Old addresses will still work, just like Mt Gox 3 confirms and coins will be here |
GEMINI ACCOUNT REVIEW - Source of Funds Request
|
|
|
takagari
Legendary
Offline
Activity: 1050
Merit: 1000
|
|
April 20, 2013, 06:01:30 PM |
|
interesting, I'm just used to them appearing as unconfirmed,
thanks
|
|
|
|
|
|
tuckertz1992
|
|
April 21, 2013, 12:39:52 AM |
|
|
New Bitcoin Miner - If i've helped you, please donate: 15G6Zm6rAJu6ME5BQqX9GXGwGLgzC9Mboc
|
|
|
|
shawshankinmate37927
|
|
April 21, 2013, 01:30:58 AM |
|
TradeFortress,
As an additional layer of security, is there any chance you could give depositors, when initially setting up their account, the option of allowing funds, when withdrawn, to only be sent back to the address that the deposit came from?
As an example, if my account was hacked into, and the hacker made a 1 BTC deposit, then the only funds that could be withdrawn back to the hacker's BTC address would be the deposit he made from that address and any interest made on that 1 BTC.
|
"It is well enough that people of the nation do not understand our banking and monetary system, for if they did, I believe there would be a revolution before tomorrow morning." - Henry Ford
|
|
|
🏰 TradeFortress 🏰 (OP)
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
April 21, 2013, 01:54:06 AM |
|
TradeFortress,
As an additional layer of security, is there any chance you could give depositors, when initially setting up their account, the option of allowing funds, when withdrawn, to only be sent back to the address that the deposit came from?
As an example, if my account was hacked into, and the hacker made a 1 BTC deposit, then the only funds that could be withdrawn back to the hacker's BTC address would be the deposit he made from that address and any interest made on that 1 BTC.
I'm working on a feature where you can lock in a withdrawal address in settings, and can only unlock it with a 14 day cooling off period. |
|
|
|
|
|
shawshankinmate37927
|
|
April 21, 2013, 02:04:25 AM |
|
TradeFortress,
As an additional layer of security, is there any chance you could give depositors, when initially setting up their account, the option of allowing funds, when withdrawn, to only be sent back to the address that the deposit came from?
As an example, if my account was hacked into, and the hacker made a 1 BTC deposit, then the only funds that could be withdrawn back to the hacker's BTC address would be the deposit he made from that address and any interest made on that 1 BTC.
I'm working on a feature where you can lock in a withdrawal address in settings, and can only unlock it with a 14 day cooling off period. Nice. I'll feel comfortable depositing more when that feature is in place. On another note, what fraction of the deposits do you intend to hold on reserve and make unavailable for loans? |
"It is well enough that people of the nation do not understand our banking and monetary system, for if they did, I believe there would be a revolution before tomorrow morning." - Henry Ford
|
|
|
|
Equilux
|
|
April 21, 2013, 02:10:51 AM |
|
TradeFortress,
As an additional layer of security, is there any chance you could give depositors, when initially setting up their account, the option of allowing funds, when withdrawn, to only be sent back to the address that the deposit came from?
As an example, if my account was hacked into, and the hacker made a 1 BTC deposit, then the only funds that could be withdrawn back to the hacker's BTC address would be the deposit he made from that address and any interest made on that 1 BTC.
I'm working on a feature where you can lock in a withdrawal address in settings, and can only unlock it with a 14 day cooling off period. Very nice feature, I'll be looking forward to that! |
|
|
|
|
Birdy
|
|
April 21, 2013, 04:52:58 AM |
|
TradeFortress,
As an additional layer of security, is there any chance you could give depositors, when initially setting up their account, the option of allowing funds, when withdrawn, to only be sent back to the address that the deposit came from?
As an example, if my account was hacked into, and the hacker made a 1 BTC deposit, then the only funds that could be withdrawn back to the hacker's BTC address would be the deposit he made from that address and any interest made on that 1 BTC.
I'm working on a feature where you can lock in a withdrawal address in settings, and can only unlock it with a 14 day cooling off period. Very nice feature, I'll be looking forward to that! ^_^ |
|
|
|
|
|
BigBitz
|
|
April 21, 2013, 10:07:48 AM |
|
any page showing interest accrued?
|
Tips BTC --> 1BS2sYvy3T1cpNhie6CVFMcUrHa84a8mPa <-- Thanks! || Tips [LTC] --> LaytYJNCha7z7zcws5a2o2GWWjvWfDCGkr <--
|
|
|
|
Birdy
|
|
April 21, 2013, 10:19:08 AM |
|
any page showing interest accrued?
It will show up in the same section as the transactions. |
|
|
|
|
🏰 TradeFortress 🏰 (OP)
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
April 21, 2013, 10:23:34 AM |
|
New feature: Locking of withdrawal addresses!
You can now lock your account to a specific withdrawal address in Settings. I recommend doing this now - even if you don't think you will be hacked, it's better to be safe than sorry.
You can unlock the address, however it will take 14 days before you are able to withdraw to any address you like. An email alert is automatically sent when there is an unlock request.
|
|
|
|
|
|
