in #8 months ago

From a pure security point of view, we should get rid of HiveSigner. The reason is at some point in the "configuration" process, you have to provide your private keys on a website and the authorization tokens are stored on an external server. In the past, we have experienced security token leaks and so many scams with fake HiveSigner sites. Although HiveSigner may have been a useful solution for a while, for me it is a solution of the past.

Sort:  

After I wrote this post I went back and looked at HiveSigner and immediately remembered why I don't like it and don't use it. I just didn't want to put any of my keys in that first screen.

So you're right, I won't be adding it. HAS and Keychain are 100% all I need right now.

I'm wondering if I should run a mirror of your HAS server. Do you think this could be put behind a load balancer? I can see there is an issue with state between calls.