[Final Report] Finish the Brief report of (Aeasy-io and Aens.io)

Dear all

I’m glad to join the AE community. Although the functionality is almost complete, I will continue to maintain and fix bugs

See here for a brief reportBrief report of.pdf (1.2 MB)

Aeasy.io now supports more than 20 interfaces for docking stations to access
AEns.io already offers many users the option to renew a domain name

Application details : [Completed] Aeasy.io and Aens.io improvements of the proposal - #2 by LiuShao.chain

Thank you again to the foundation, thank you all

Baixin

@lydia

4 Likes

Hi @Baixin.chain
Thank you very much for your report.
As you may see the feedback from @gorbak2. ([Completed] Aeasy.io and Aens.io improvements of the proposal - #41 by lydia)
You also replied this concern in the original thread. Please try to fix this security concern ASAP, so we can finalize the project.
Thank you.

Best
Tina

Like most wallets, security is the responsibility of the user. It is not recommended that users copy and paste, screenshots, etc., starting with Bitcoin, we have entered letter by letter.

Yes @Tina ,
I replied to @gorbak2 5 days ago that mnemonic login can also be logged in without copying, just like login with base wallet.
I also chose mnemonic login for multiple reasons

Hi @Baixin.chain
Thank you for your reply.
Actually the security concern we were talking about is your application requires the user to send the mnemonic to a random server.
I think @gorbak25 will elaborate it.

@Tina @gorbak25

Thank you, I have learned something new

I should know what you mean, in general should be word mnemonic or all operations related to the private key should be placed on the client, so that I may want to change is not just a word mnemonic login that part, and the domain name transfer and registration renewal, shall be conducted in the client through the JS - SDK after signature to send signature to GO - SDK for processing, this condition should be met

1 Like

Exactly.
The private key/mnemonic should NEVER leave the client. The current version of aens and aeasy requires users to send their mnemonic to a server in order to handle creation and signing of transactions - this puts a lot of trust in this server. You may leave most of the old logic but tx creation and signing should happen on the client side.

2 Likes

Ok, I see. I will modify according to these

3 Likes

@gorbak25 @Tina

I have just finished your Suggestions. The current implementation is that the server provides data for the front end to display, and the front end USES JS-SDK for a series of operations such as signing. You can now access aens.io to view or audit it.
aens.io open source code in: GitHub - sunbx/Aens.io: A name management system based on Aeasy-Io makes THE development and use of AENS more convenient

Improvements to Aeasy.io have also been completed, but they are not yet online as some merchants are already using aeasy.io. We plan to go online on November 15th
aeasy.io open source code in: GitHub - sunbx/AEasy.io: AEasy is Convenient Aeternity Framework . AEasy quickly, conveniently realize Aeternity aepp development
The development documentation has also been updated: GitBook

Thank you all for your advice and help me make progress

2 Likes

@Baixin.chain Thank you very much for the security improvement! Please add in your user documentation the your projects were supported by the Aeternity Foundation.