Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Trading Discussion
Re: Trading Bot possible? and how to get it?
by
KS
on 12/05/2013, 20:54:09 UTC
Quote from: btc_lurker on May 11, 2013, 09:46:43 PM
Quote from: fluidjax on May 11, 2013, 08:02:51 PM
Quote from: btc_lurker on May 11, 2013, 02:57:01 PM
I feel very uncomfortable in trading at Bitstamp (and some other exchanges) through the API, and I hope they did different decisions in their internal code. Why, oh why, did they think it was a good idea to send user and password when making requests ? This is too sensitive, and users very often pick the same password for different services. This data is ultimately going through HTTPS, but still..

I understand the gut reaction, but it's https! The real risk lies at each end of the connection. But then there would still be risk at each end even if they used something like gox's secret.
DO you not have faith in https?

There is a huge difference in using generated key/secret pairs from using the actual username/password pairs. For a starter, the former can be restricted to perform only certain operations, the latter can perform everything always. Even if some key/secret from MtGox or BTC-e were leaked, it could be the case that the attacker wouldn't be able to do anything interesting with them.

agree. why not use a hash of the pwd/login combo instead??