NotLambchop
|
|
May 23, 2014, 02:51:32 PM |
|
I admire your spunk and "can-do" attitude. That, combined with good personal grooming (did you buy a new pair of socks like I've suggested?), is sure to propel you and your fine currencies exchange to dizzying heights!
|
|
|
|
theMiracle
|
|
May 23, 2014, 02:53:51 PM |
|
... Installation was not quite that simple...
Computers are hard...
|
|
|
|
rethink-your-strategy
|
|
May 23, 2014, 08:43:15 PM |
|
Protip: When coding a currencies exchange, it is important to pay attention to security from the gitgo.
You know how to change permissions on Apache, right?
I guess you could say this exchange
(•_•)
( •_•)>⌐■-■
(⌐■_■)
is hacked together.
YEEEEEAAAAAAAAAAH
|
|
|
|
MrWDunne (OP)
|
|
May 23, 2014, 08:51:11 PM |
|
Equally, you could say it is unfinished.
|
|
|
|
mikaeldice
Newbie
Offline
Activity: 29
Merit: 0
|
|
May 23, 2014, 09:38:38 PM |
|
I only spent a couple of minutes looking at the code here.. I don't know much about PHP or db_update function, so I could be wrong, but this seems a bit suspect to me. Can you verify whether this is accepting a POST request from a user and then directly including the user input in a database update with the only validation performed being a check for whether or not it begins with a number?
https://github.com/wlox/wlox-api/blob/master/htdocs/api.php#L9
https://github.com/wlox/wlox-api/blob/master/htdocs/api.php#L28
This seems dangerous, like a potential SQL injection.
While open source software is great for large projects that get lots of eyeballs on them, utilizing a smaller project like this exposes you to a lot of risk. There are what, 2-3 contributors to safeguard how many users in your target market? Once there is any amount of financial incentive behind inspecting the code base, such as this code going live somewhere, malicious users will spend countless hours peering through the code for the most minuscule errors that could lead to a compromise. They'll set up testing environments locally so that their actions aren't detectable until the deed is done.
You should really investigate how the project is managed a bit more, as well. There appears to be no testing methodology in place.. zero code coverage. The repository is set up with only the single master branch, which means that any work on new features or changes isn't separated out until it can be confirmed as valid/secure/non-breaking before getting merged...
Just be careful here.. You're working with people's money.
|
|
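An added illustration of the class of issue raised in the post above (not code from wlox-api and not part of the original post): a "begins with a number" check followed by string concatenation, next to a version that validates the whole value and binds it as a parameter. The table, function names and input are constructed, and Python with sqlite3 stands in for the PHP under discussion.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: an in-memory table of three orders.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, status TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, 'open')", [(1,), (2,), (3,)])
    return db

def begins_with_number(value):
    # The weak check described in the post: only the first character is tested.
    return re.match(r"\d", value) is not None

def update_weak(db, order_id, status="cancelled"):
    # Vulnerable pattern: prefix check, then the value is concatenated into SQL.
    if not begins_with_number(order_id):
        raise ValueError("rejected")
    cur = db.execute("UPDATE orders SET status = ? WHERE id = " + order_id,
                     (status,))
    return cur.rowcount

def update_safe(db, order_id, status="cancelled"):
    # Hardened: the entire value must be ASCII digits, and it is bound as a
    # parameter so it can never be parsed as SQL.
    if not re.fullmatch(r"[0-9]{1,18}", order_id):
        raise ValueError("rejected")
    cur = db.execute("UPDATE orders SET status = ? WHERE id = ?",
                     (status, int(order_id)))
    return cur.rowcount

def demo():
    crafted = "2 OR 1=1"  # constructed input: starts with a digit, is not a number
    weak_rows = update_weak(make_db(), crafted)
    try:
        safe_result = update_safe(make_db(), crafted)
    except ValueError:
        safe_result = "rejected"
    return weak_rows, safe_result, update_safe(make_db(), "2")

if __name__ == "__main__":
    # (rows changed by weak path, hardened path on crafted input, hardened path on "2")
    print(demo())
```

The weak path changes every row for an input that was meant to address one, while the hardened path rejects the same input and touches a single row for a well-formed id.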
|
|
MrWDunne (OP)
|
|
May 23, 2014, 09:42:00 PM |
|
Mikael,
I totally agree with you. We are not launching using this code, the majority of it will be our own. Also we are having security audits done prior to launch.
I've not had much of a look at the API yet, but it most definitely will be coming under heavy scrutiny. Please may you post that on their git?
|
|
|
|
instant-bitcoin
Newbie
Offline
Activity: 34
Merit: 0
|
|
May 25, 2014, 08:31:49 PM |
|
Sounds technically difficult and probably a scam. Also looking at the member's other 'dice' website - looks like a child has produced it and is still not working.
Will avoid.
|
|
|
|
MrWDunne (OP)
|
|
May 26, 2014, 12:42:10 AM |
|
Sounds technically difficult and probably a scam. Also looking at the member's other 'dice' website - looks like a child has produced it and is still not working.
Will avoid.
For reference, he is upset because I questioned the fee levels of his service (see here: https://bitcointalk.org/index.php?topic=624924 ). Disregard-able comment.
|
|
|
|
|
MrWDunne (OP)
|
|
June 02, 2014, 02:58:49 PM |
|
I somewhat understand your point, but the markup is still huge and they are not exchanges. We will be the first exchange with access to the UK banking network. Compare our highest fee tier of 0.4% to 5%+ markup and you will understand what I mean. If bitcoin is to be used as a currency, these fees are far too high. Losing 5%+ purchasing power instantly is unacceptable.
|
|
|
|
MrWDunne (OP)
|
|
June 03, 2014, 10:48:25 PM |
|
Second set of drafts coming through tomorrow.
Seen a little preview, already looking very sharp.
After that, we refine and then program. Looking good for the one month ETA
|
|
|
|
MrWDunne (OP)
|
|
June 04, 2014, 05:17:11 PM |
|
http://imgur.com/a/jw2qk
Second set of designs just came in, still refining them but I think it is looking incredibly sharp. Progress is advancing rapidly. 1 month ETA
EDIT: Designers for some reason added adverts, of course there will be no adverts.
|
|
|
|
MrWDunne (OP)
|
|
June 08, 2014, 02:07:58 PM |
|
We have all of the needed funds to finish development of the platform. We will be needing more in the not too distant future but that will be for security/colocation.
Once the platform is ~90% complete we'll go through the next push for funding.
|
|
|
|
grandpa_seth
Sr. Member
Offline
Activity: 316
Merit: 250
Simcoin Puny Humans Communicator
|
|
June 08, 2014, 02:44:40 PM |
|
We have all of the needed funds to finish development of the platform. We will be needing more in the not too distant future but that will be for security/colocation.
Once the platform is ~90% complete we'll go through the next push for funding.
Thanks for the update. That is great news.
|
|
|
|
MrWDunne (OP)
|
|
June 08, 2014, 02:47:55 PM |
|
We have all of the needed funds to finish development of the platform. We will be needing more in the not too distant future but that will be for security/colocation.
Once the platform is ~90% complete we'll go through the next push for funding.
Thanks for the update. That is great news.
I think so. We're currently working on the backend more than anything, in order to make day to day management of the exchange easier for myself. Design implementation begins on Monday.
|
|
|
|
Dogedigital
Legendary
Offline
Activity: 1330
Merit: 1000
|
|
June 09, 2014, 04:38:02 PM |
|
2FA?
|
|
|
|
MrWDunne (OP)
|
|
June 09, 2014, 04:51:23 PM |
|
2FA?
2FA by authy. Also among other things PGP for email (optional).
|
|
|
|
MrWDunne (OP)
|
|
June 09, 2014, 05:05:51 PM |
|
|
|
|
|
railzand
Sr. Member
Offline
Activity: 462
Merit: 250
Lux e tenebris
|
|
June 09, 2014, 06:33:14 PM |
|
Ooh that's great. And your own site?
|
|
|
|
MrWDunne (OP)
|
|
June 09, 2014, 06:38:06 PM |
|
Ooh that's great. And your own site?
What do you mean? By secured I mean we own it.
|
|
|
|
|