by kordless
4569 days ago
If you turned on your API key on Coinbase and someone obtains that key, they can transfer coin on your behalf. From a productive paranoia perspective, I think this is a REALLY BAD IDEA for exactly the reasons posted here. People will use that key to 'try out' Coinbase, and then end up forgetting to check their code and upload it to GitHub or Pastebin and then WHAM, you've got two problems: your Bitcoin is gone and Coinbase now has a marketing problem of potentially epic proportions. The guys at Coinbase need to turn OFF the API key feature as soon as possible. It has the potential of hurting the entire ecosystem.

Edit: One suggestion to Coinbase would be to change the API key feature to only allow the API methods which don't result in sending payments. This allows quick use of their APIs in doing architectural design and ensures protection against key leakage.

A second suggestion is to queue up outgoing transactions initiated by the API key into batches and use alerts (like through PagerDuty or similar) to notify the account owner transactions are pending and need approval.
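The two suggestions in the comment above, sketched as an added example (not part of the original comment and not Coinbase's API): a key that can only read, or a key whose sends are parked until the account owner approves them out of band. The `Gateway` class, the method names, the `notify` hook and the balance are hypothetical and constructed for illustration.

```python
import secrets
from dataclasses import dataclass, field

READ_ONLY_METHODS = {"get_balance", "list_transactions"}  # hypothetical names
SEND_METHODS = {"send_money"}                             # hypothetical name


@dataclass
class Gateway:
    notify: callable            # alert hook, e.g. a paging integration (assumed)
    queue_sends: bool = True    # False = suggestion 1: key can never send
    balance: int = 1000         # constructed sample balance, arbitrary units
    pending: dict = field(default_factory=dict)

    def call_with_api_key(self, method, **params):
        """Entry point for requests authenticated only by the API key."""
        if method in READ_ONLY_METHODS:
            return {"status": "ok", "balance": self.balance}
        if method in SEND_METHODS and self.queue_sends:
            # Suggestion 2: never pay out on the key alone.
            # Park the request and alert the account owner.
            tx_id = secrets.token_hex(8)
            self.pending[tx_id] = params
            self.notify(f"pending send {tx_id}: {params}")
            return {"status": "pending_approval", "tx_id": tx_id}
        # Sends with queueing disabled, and unknown methods, are refused.
        return {"status": "denied"}

    def owner_decide(self, tx_id, approve):
        """Called from an owner-authenticated session, never with the API key."""
        params = self.pending.pop(tx_id, None)  # one-shot: replay finds nothing
        if params is None:
            return "unknown"
        if not approve:
            return "rejected"
        amount = params.get("amount", 0)
        if not isinstance(amount, int) or amount <= 0 or amount > self.balance:
            return "invalid"
        self.balance -= amount
        return "sent"
```

With a leaked key, the worst outcome in this model is a pending entry and an alert; the balance only changes through `owner_decide`.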