[英]How to do a secure login with web3 (Metamask)?
So, I want to do a webpage, where you have to log in with metamask, only.所以,我想做一个网页,你只需要使用 metamask 登录。
I've seen that cryptokitties.co did a really good job, not even prompting for a password.我已经看到cryptokitties.co做得非常好,甚至没有提示输入密码。
The only thing they require is a signature from you.他们唯一需要的是您的签名。 But here is the thing I don't understand: What do you sign, that you are protected from a signature replay?
但这是我不明白的事情:你签署了什么,你被保护免受签名重放? Or are they protected from a signature replay in the first place?
或者他们是否首先受到签名重放的保护?
What I thought about so far (but it didn't work):到目前为止我的想法(但没有奏效):
However, if I invalidate the signed hash of the time on the server side and don't accept a second attempt, would this be a good practice?但是,如果我在服务器端使签名的时间哈希无效并且不接受第二次尝试,这是一个好习惯吗?
You can try:你可以试试:
I think it can work, but possibly there is a better way.我认为它可以工作,但可能有更好的方法。
These systems are zero knowledge这些系统是零知识
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.