You are viewing a single comment's thread from:

RE: Meantime Joke / How Deep Can Love Go?

in #love5 years ago

Hi there, steemchiller! Would you check out one thing on Steem Account Recovery page on Steemworld? I think there is an error on
Incoming Recovery Request function.

A : Account to Recover
B : Recovery Account

When A has send a request account recovery, Incoming Recovery Request list is not shown to B has logged in. But that list is showing up when A has logged in. (This is impossible)

Would you check what happened on this page? Thanks for your great work.

Sort:  

Thanks for your bug report! I was testing it recently and all worked fine, but I will check it again today ;)

Thanks a lot for your kind reply :)

I started an Account Recovery Request for account @sw-test from my account @steemchiller. When I sign in with @sw-test, I see the request in the list as follows:



Are you really signed in with the right account? I tried to sign out and in again multiple times and it always worked without any issues for me :)

Yeah, but If @sw-test has got lost his private key he can't sign in to Steemworld.

I think If @sw-test want to recover his account, should @steemchiller make a request recovery transaction?

What I really wonder is how lost key account can sign in to Steemworld and check out the incoming recovery request. ;)

That's how the security mechanism of the blockchain is designed. And it makes sense when you think about it. Otherwise I could execute the recovery process without the permission from the users (I could change their keys without asking them).

Also it is required to enter the old Private Owner Key to confirm the recovery request. If an owner loses his keys, there is no way to recover his account. The Account Recovery is there to recover an account in case of a hack.

Thanks for noticing me. I think I didnt understand completely. Do you mean @sw-test can sign in with previous private key(a private key before changed by hacker) on sw to confirm the request?

Hey, you are right! There must be a possibility to enter the account name or sign in without the Posting Key in order to be able to accept the request, if the password was changed from the other side. It worked before, because it was on the Dashboard page and there was no login required.

Thank you very much for this important discovery! I will fix it now ;)


Update

It is fixed now and I was able to accept the request for @sw-test without signing in. There is now a new input field for the account name:

Coin Marketplace

STEEM 0.23
TRX 0.25
JST 0.038
BTC 95317.76
ETH 3302.38
USDT 1.00
SBD 3.31