Lock out obviously unwise/unintended operations behind a configuration option #243
Assignees
Labels
Comments
|
Since this has come up recently. Safety features that rely on reading comprehension are inadequate. DISABLE, not warn. |
This was referenced Aug 30, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For emphasis, and because people will inevitably freak out about certain things being prohibited: IF THIS IS IMPLEMENTED YOU CAN STILL DO THESE THINGS, IT WILL JUST TAKE EXTRA CONFIGURATION.
Following in the spirit of oasis-core (that stole the idea from sendmail), extremely unwise/unsafe/unintended operations should be strictly prohibited unless the wallet is explicitly configured to allow such behavior (The
DontBlameSendmailapproach).Off the top of my head, the following operations should be prohibited by default:
Token transfer to a validator address (As opposed to delagating).
Paratime to Consensus withdrawals to arbitrary addresses (restrict to the user's own addresses by default, in combination with Emerald -> To Consensus: Offer wallet's Oasis account's addresses as a drop down #190).
This would be in addition to the existing warnings (that the wallet should retain). But honestly, these operations are both uncommon, and typically "a really bad idea" enough to the point where flat out disabling them by default is the sensible thing to do.
The text was updated successfully, but these errors were encountered: