commit security tutorial for review #258

zamrokk · 2024-01-11T15:19:21Z

Please give me any feedback on the security tutorial.
If more code is required to understand or hack a specific thing, please tell me.
It is not often easy to test security threats

vercel · 2024-01-11T15:19:26Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
docs-staging	✅ Ready (Inspect)	Visit Preview	Jan 30, 2024 2:42pm

docs/tutorials/security.md

docs/tutorials/security/part-1.md

docs/tutorials/security/part-2.md

docs/tutorials/security/part-3.md

zamrokk · 2024-01-22T09:06:54Z

Grammar is fixed. Is it ok now ?

timothymcmackin · 2024-01-22T18:10:52Z

I rebased and added some fixes to get this to build.

timothymcmackin

I can't review well because the repos appear to be missing or private.

.vscode/settings.json

docs/tutorials/security.md

docs/tutorials/security/part-1.md

docs/tutorials/security.md

docs/tutorials/security/part-1.md

docs/tutorials/security/part-3.md

timothymcmackin

The overview page has a long section on off-chain security, but the active parts of the tutorial are all on-chain security. Maybe this overview, both the on-chain and off-chain part, should be moved to a Security page under https://docs.tezos.com/dApps/best-practices?

docs/tutorials/security/part-1.md

docs/tutorials/security/part-2.md

zamrokk · 2024-01-31T07:44:28Z

The overview page has a long section on off-chain security, but the active parts of the tutorial are all on-chain security. Maybe this overview, both the on-chain and off-chain part, should be moved to a Security page under https://docs.tezos.com/dApps/best-practices?

Lot of offchain hacks are very basic web2 hacks. IMO, it is not necessary to invest too much on this as it does not add something new.
Onchain attacks are specific to web3 and new. It is important to explain how to protect against it

About the location of the introduction. Up to you. It is not just about "best practice", it is about security concern

timothymcmackin · 2024-01-31T12:32:01Z

The overview page has a long section on off-chain security, but the active parts of the tutorial are all on-chain security. Maybe this overview, both the on-chain and off-chain part, should be moved to a Security page under https://docs.tezos.com/dApps/best-practices?

Lot of offchain hacks are very basic web2 hacks. IMO, it is not necessary to invest too much on this as it does not add something new. Onchain attacks are specific to web3 and new. It is important to explain how to protect against it

About the location of the introduction. Up to you. It is not just about "best practice", it is about security concern

All right, I'm OK with it as it is. Should I merge it with my and Claude's approval?

zamrokk · 2024-01-31T13:22:01Z

The overview page has a long section on off-chain security, but the active parts of the tutorial are all on-chain security. Maybe this overview, both the on-chain and off-chain part, should be moved to a Security page under https://docs.tezos.com/dApps/best-practices?

Lot of offchain hacks are very basic web2 hacks. IMO, it is not necessary to invest too much on this as it does not add something new. Onchain attacks are specific to web3 and new. It is important to explain how to protect against it
About the location of the introduction. Up to you. It is not just about "best practice", it is about security concern

All right, I'm OK with it as it is. Should I merge it with my and Claude's approval?

For me it is ok, it can be improved later with future feedbacks

timothymcmackin · 2024-01-31T15:27:37Z

Merging. Thanks, @zamrokk!

commit security tutorial for review

c3ec06b

zamrokk requested a review from a team as a code owner January 11, 2024 15:19