mtgox (OP)
|
|
July 18, 2010, 04:12:27 AM |
|
I see: Current Lowest Buy Price 0.1224 Current Highest Sell Price 0.05882
Meaning someone out there is wanting to sell BTC for 0.1224 And someone else is wanting to buy them for 0.05882
so if your buy price is below 0.05882 it wont show up until all the ones are sold at the better price. (better from the perspective of the seller)
|
|
|
|
Babylon
|
|
July 18, 2010, 04:16:35 AM |
|
I see: Current Lowest Buy Price 0.1224 Current Highest Sell Price 0.05882
Meaning someone out there is wanting to sell BTC for 0.1224 And someone else is wanting to buy them for 0.05882
so if your buy price is below 0.05882 it wont show up until all the ones are sold at the better price. (better from the perspective of the seller)
Ahhhh, I was reading these backwards. Thanks for straightening that out for me.
|
|
|
|
sirius
Bitcoiner
Sr. Member
Offline
Activity: 429
Merit: 992
|
|
July 18, 2010, 04:24:34 PM |
|
I didn't find any info about what payment methods are accepted. You should add something about that.
|
|
|
|
mtgox (OP)
|
|
July 18, 2010, 04:32:28 PM |
|
It says it on add funds page. but I'll add the info for unregistered users. It just takes paypal right now. Adding more soon.
|
|
|
|
NewLibertyStandard
|
|
July 18, 2010, 04:41:46 PM |
|
Where is the list of offers? Specifically how many bitcoins are being offered to buy and sell at different prices.
|
Treazant: A Fullever Rewarding Bitcoin - Backup Your Wallet TODAY to Double Your Money! - Dual Currency Donation Address: 1Dnvwj3hAGSwFPMnkJZvi3KnaqksRPa74p
|
|
|
mtgox (OP)
|
|
July 18, 2010, 05:07:33 PM |
|
Where is the list of offers? Specifically how many bitcoins are being offered to buy and sell at different prices. I don't have depth of market data displayed yet. I should have that in later today. Right now you can just see what the lowest ask and highest bid is.
|
|
|
|
NewLibertyStandard
|
|
July 18, 2010, 05:23:28 PM |
|
It looks like you hold PayPal USD in escrow, is that correct? This makes trading much smoother and quicker, but puts you at risk of having your PayPal account frozen. I think running an e-currency exchange is against their terms of use, but I don't know how much volume you'd have to have to draw their attention. I'm not saying it's going to happen, but if you use your PayPal account for other purposes, you should be aware of the risk. The nice thing about the other market website is that PayPal can't target the operator, they can only target the many users, which is much more difficult. But this method which is safer for the administrator, does of course come at the cost of fast trades.
|
Treazant: A Fullever Rewarding Bitcoin - Backup Your Wallet TODAY to Double Your Money! - Dual Currency Donation Address: 1Dnvwj3hAGSwFPMnkJZvi3KnaqksRPa74p
|
|
|
mtgox (OP)
|
|
July 18, 2010, 05:29:51 PM |
|
Yeah I don't think paypal is a long term solution. I just wanted to get the site up. I'm thinking of other funding methods now.
|
|
|
|
SmokeTooMuch
Legendary
Offline
Activity: 860
Merit: 1026
|
|
July 18, 2010, 08:04:08 PM Last edit: February 26, 2014, 11:42:57 PM by SmokeTooMuch |
|
It should work: Browser -> send to server (pref SSL encrypted) -> server receives and directs to script -> script hashes (adding salt, pref static + dynamic) and saves to db or verifies from db This is exactly what I'm doing. Maybe I'm, just too paranoid, but I think everyone who has physical access to the server on which your site is hosted can read my password out of the RAM if you only hash it once you receive it. and if he/she has my login data he could act as me and legally withdraw the funds in my mtgox account. why not just hash it before encrypting and sending it ?EDIT 2014-02-27:See this post https://bitcointalk.org/index.php?topic=444.msg3876#msg3876
|
|
|
|
eugene2k
Newbie
Offline
Activity: 37
Merit: 0
|
|
July 18, 2010, 09:20:16 PM |
|
SmokeTooMuch: Almost all sites do it this way. Are you worried that I personally will learn your password? You can just set your "password" to be the hash of your password if you are really worried. (or use a different one for mtgox)
I think he's worried that if someone sees the screen of his computer when he's on the site, it's just too easy to memorize the login information.
|
|
|
|
SmokeTooMuch
Legendary
Offline
Activity: 860
Merit: 1026
|
|
July 18, 2010, 10:19:41 PM |
|
that's not really what I'm afraid of, but thats an issue too.
hmm, but still, in theory, it would be possible for someone with physical access to your RAM to read my password, wouldn't it ?
|
|
|
|
lachesis
|
|
July 19, 2010, 12:22:48 AM |
|
this won't prevent you from stealing your users cash and btc. pls correct me if i'm wrong.
Passing the password in the GET string is wrong, but passing the password without hashing it is perfectly acceptable. As the DB operator, he could easily steal any bitcoins or cash you gave him. There's really nothing to do about that.
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5348
Merit: 13336
|
|
July 19, 2010, 01:14:03 AM |
|
that's not really what I'm afraid of, but thats an issue too.
hmm, but still, in theory, it would be possible for someone with physical access to your RAM to read my password, wouldn't it ?
If an attacker had that much access, he could modify the login page to remove the password-hashing JavaScript.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
InterArmaEnimSil
Member
Offline
Activity: 77
Merit: 10
|
|
July 19, 2010, 01:25:00 AM |
|
I see nothing about associated brokerage fees, etc, on the site. Care to fill us in? What's your take?
|
12aro27eH2SbM1N1XT4kgfsx89VkDf2rYK
|
|
|
InterArmaEnimSil
Member
Offline
Activity: 77
Merit: 10
|
|
July 19, 2010, 01:31:48 AM |
|
Maybe I'm, just too paranoid, but I think everyone who has physical access to the server on which your site is hosted can read my password out of the RAM if you only hash it once you receive it. and if he/she has my login data he could act as me and legally withdraw the funds in my mtgox account. why not just hash it before encrypting and sending it ?
Solution: 1)Use a unique password. 2)Only put funds in the account which are immediately to be used for trade 3)Don't trade at one time amounts larger than you don't mind losing. Then, even if they get your password, what do they do - steal five dollars?
|
12aro27eH2SbM1N1XT4kgfsx89VkDf2rYK
|
|
|
InterArmaEnimSil
Member
Offline
Activity: 77
Merit: 10
|
|
July 19, 2010, 01:35:35 AM |
|
Final post here for now: I assume that on the "Withdraw Funds" page we don't need to fill in more form elements than necessary?
Ie, if we want bitcoins back, we just give our BTC address. If we want a check, we give our mailing address, if we want paypal, we give our email address, but there's no need to give a mailing address or email address to get bitcoins back, right?
It would be great if the form changed per our selections - ie, if you wanted bitcoins, you wouldn't see anything for the USD withdraw options. If you wanted a check, you wouldn't see the request for paypal email or bitcoin address, etc. JQuery is nice, or any AJAX tool.
The same goes for the deposit forms.
Also, the site mentions that USD withdrawals are manual. Are bitcoin withdrawals automated? What about deposits (of both kinds)?
|
12aro27eH2SbM1N1XT4kgfsx89VkDf2rYK
|
|
|
mtgox (OP)
|
|
July 19, 2010, 02:07:27 AM |
|
InterArmaEnimSil: We make money by keeping a 2% spread between the buyer and seller. But the price you buy or sell at is the price you get. The way it works is if you enter a sell price of X the buyer sees the price as X*1.02. So your trades will complete at the price you see on your order the other guy will just be agreeing to a slightly different price. Adding this info to the site now...
Withdrawing: Yes you only need to enter in the fields pertinent to your withdraw. I'm going to make this form dynamic and better tomorrow. All withdrawals are manual for a few days until I'm more certain there are no major issues. But paypal and BTC should both become automatic soon.
Adding both types of Funds is automatic right now.
|
|
|
|
BitCoinPurse
Newbie
Offline
Activity: 34
Merit: 0
|
|
July 19, 2010, 02:18:20 AM |
|
Added $10, was credited with $9.41. I assume this is a 5.9% PayPal fee?
|
|
|
|
mtgox (OP)
|
|
July 19, 2010, 02:46:38 AM |
|
Yeah paypal's fee is 2.9% + $0.30 USD
|
|
|
|
InterArmaEnimSil
Member
Offline
Activity: 77
Merit: 10
|
|
July 19, 2010, 04:29:48 AM |
|
InterArmaEnimSil: We make money by keeping a 2% spread between the buyer and seller. But the price you buy or sell at is the price you get. The way it works is if you enter a sell price of X the buyer sees the price as X*1.02. So your trades will complete at the price you see on your order the other guy will just be agreeing to a slightly different price. Adding this info to the site now...
You should really add a "buyer's price" indicator to your selling form. For instance, what if I see that the current low price is $.05/BTC. I go, "If I beat that, then my offer will be the lowest and someone will take it!" So, I enter a price of $.0495/BTC. .0495*1.02=.05049. So, my price isn't the lowest, and my offer will not be taken up. If the form informed me of how much I get as well as how much a buyer paid, then I could tailor my offer to beat the current ones and still know how much I'd be making.
|
12aro27eH2SbM1N1XT4kgfsx89VkDf2rYK
|
|
|
|