tank on Nostr: I want to like PWAs. But what's the strategy to mitigate attack vectors like web ...
I want to like PWAs. But what's the strategy to mitigate attack vectors like web server compromise and XSS? It seems like only a matter of time until honey pots are attractive enough, especially for lightning wallets. I'm not sure the UX trade-offs of using browser extensions are workable as every signature/transaction would have to be confirmed within the context of the extension UI.
Published at 2023-06-25 10:44:38
Event JSON
{
"id": "ac3ce1b26d7b970e152b76a222f5fa6473481fbe3caa1644fed88c56c2f982ed",
"pubkey": "311b497635856767ff5c1cefa2b8c5c875ce184ae4876da9279e829ba01dd129",
"created_at": 1687682678,
"kind": 1,
"tags": [
[
"e",
"7eb23eff8884a0addc6bea113746a82f61f7ac3338b056dd6a57ad1509fed273"
],
[
"p",
"c6f7077f1699d50cf92a9652bfebffac05fc6842b9ee391089d959b8ad5d48fd"
],
[
"p",
"fa984bd7dbb282f07e16e7ae87b26a2a7b9b90b7246a44771f0cf5ae58018f52"
]
],
"content": "I want to like PWAs. But what‘s the strategy to mitigate attack vectors like web server compromise and XSS? It seems like only a matter of time until honey pots are attractive enough, especially for lightning wallets. I‘m not sure the UX trade-offs of using browser extensions are workable as every signature/transaction would have to be confirmed within the context of the extension UI.",
"sig": "452cd773e149b434bebb1549384e7841666244dfe735508342968b0bddd1c1a9a964777256660bdd684a0f8216625b60d382829116ac1a754021c698c7be429e"
}