-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
get addresses by inbox id #1133
Conversation
Your org has enabled the Graphite merge queue for merging into mainAdd the label “queue” to the PR and Graphite will automatically add it to the merge queue when it’s ready to merge. You must have a Graphite account and log in to Graphite in order to use the merge queue. Sign up using this link. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
left a comment, but LGTM
&self, | ||
refresh_from_network: bool, | ||
inbox_ids: Vec<String>, | ||
) -> Result<Vec<FfiInboxState>, GenericError> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@insipx what do you think about changing this so it just returns the list of addresses? Is it weird to show other people all the installations a user has?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or maybe it fine to show what other peoples recovery address and installations are? Maybe @richardhuaaa has thoughts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's all stored publicly on the network anyway, so I don't think it matters much from a privacy perspective. It has to be public in order for your installation to know which installations to include in the conversation. Not sure what is important here from a usability perspective though!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay seems no harm in exposing it all in the sdk. Is the recovery address helpful in anyway from a integrator perspective? Is it like the main address if you had to choose just one to display?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The recovery address is the only address that can perform revocations on your account. It's a separate class of permissions because otherwise any compromised key could remove all other keys and take over the account. It's useful for a user to know their own recovery address, can't think of a use-case today for you to query someone else's recovery address though
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the inverse it almost seems bad to make it easy to access others recovery addresses as a attacker could target that address in particular to try to gain master access?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tho I guess it's public so people who really want to access that information can access it either way so I guess not a huge deal. The amount of money you have in your wallet is also public 😄
No description provided.