Increasing SteemConnect security

Hello Steem developers and SteemConnect users,

Project: SteemConnect, Pull Request

This PR is about increasing the security of SteemConnect apps by adding a server IP restriction.

Please type in this field the IPs of your servers that will be allowed to use SteemConnect API refresh token calls. When a refresh token is used, we'll now check the app linked to this token and check whether the server the request is coming from is allowed.

You can leave this field blank, but I don't recommend it, especially if your app is running in production and using offline access.

This security layer will prevent stolen tokens from being used on a server that you don't control. But this will not stop malicious code from being executed from your server. That is your responsibility.
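A sketch of the refresh-token check described above, as an added example and not SteemConnect's own code: it looks up the allowed IPs of the app linked to the token, treats a blank field as "no restriction", and only honours `X-Forwarded-For` when the TCP peer is one of the service's own reverse proxies. The field name `allowedIps`, the `trustedProxies` set, the function names and all addresses are assumptions made for illustration.

```javascript
// Added example: every name and address here is hypothetical / constructed.

// Make "::ffff:203.0.113.10" (IPv4-mapped IPv6) compare equal to "203.0.113.10".
function normalizeIp(addr) {
  const ip = String(addr || '').trim().toLowerCase();
  const mapped = ip.match(/^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/);
  return mapped ? mapped[1] : ip;
}

// Parse the app's allowed-IPs field (assumed comma or whitespace separated).
function parseAllowedIps(field) {
  const items = String(field || '').split(/[\s,]+/).filter(Boolean);
  return new Set(items.map(normalizeIp));
}

// Pick the address to check. X-Forwarded-For is client-controlled, so it is
// ignored unless the direct TCP peer is one of our own reverse proxies.
function sourceIp(socketAddr, forwardedFor, trustedProxies) {
  const peer = normalizeIp(socketAddr);
  if (!forwardedFor || !trustedProxies.has(peer)) return peer;
  const hops = String(forwardedFor).split(',').map(normalizeIp).filter(Boolean);
  // Walk right to left: the last hop not added by our own proxies is the caller.
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!trustedProxies.has(hops[i])) return hops[i];
  }
  return peer;
}

// Decide whether a refresh-token call for `app` may proceed.
function checkRefresh(app, socketAddr, forwardedFor, trustedProxies) {
  const allowed = parseAllowedIps(app.allowedIps);
  const ip = sourceIp(socketAddr, forwardedFor, trustedProxies);
  if (allowed.size === 0) return { ok: true, ip, reason: 'no restriction configured' };
  return allowed.has(ip)
    ? { ok: true, ip, reason: 'ip allowed' }
    : { ok: false, ip, reason: 'ip not allowed for this app' };
}

// Constructed sample data (documentation address ranges).
const proxies = new Set(['10.0.0.5']);
const app = { name: 'demo.app', allowedIps: '203.0.113.10, 203.0.113.11' };

console.log(checkRefresh(app, '::ffff:203.0.113.10', undefined, proxies));
// Stolen token replayed from another host that forges the header: rejected.
console.log(checkRefresh(app, '198.51.100.7', '203.0.113.10', proxies));
```

Log the rejected `ip` together with the app name: a refresh attempt from an address outside the list is a useful signal that a token has leaked.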

Lastly, if you're the owner of an app, please take the time to increase your app security. Below is the list of all app owners that we know. If you find your name, that means you own an app. So please take the time to update your app if it's running in production.

App owner list:

@aaronteng, @abhishekvaid, @adoelesteem, @air-clinic, @airhawk-exchange, @akintunde, @alaingold, @alexverge, @aley, @anarcotech, @andreistalker, @andrekweku, @andybets, @aneilpatel, @anonycoin, @ansek, @anthonyadavisii, @aquacy, @arsteem, @asbear, @asgarth, @azaanwrites, @azarus, @bennierex, @betel, @biddle, @binjeeclick, @binkley, @birdinc, @blockchan, @bloque64, @bostrot, @br3adina7or, @cadawg, @callahan, @cdhexx, @cha0s0000, @christianjombo, @clevershovel, @cloh76, @codewithcheese, @comsamo, @creative-commons, @crowdini, @crypticwyrm, @cryptocrusaders, @cryptogecko, @cryptosharon, @crypto.talk, @cryptouru, @damaera, @darkflame, @debraycodes, @decebal2dac, @decentmemes, @deimus, @demotruk, @dgames, @dhealth, @disregardfiat, @doctor.fish, @doctorvee, @doreami93, @dpornco, @dragosroua, @dunite, @dwarrilow2002, @eastmael, @eddy-ghost, @elegance, @emrebeyler, @enki74, @ercu, @eternittyyy, @ety001, @ewq, @excitedntl, @fabien, @feekayo, @fel1xw, @fervi, @firedream, @fode, @franky4dita, @franticich, @freetissues, @funnyman, @gameland, @gangze, @gentlemanoi, @geronimo, @gktown, @gokulnk, @good-karma, @gregory.latinier, @guix77, @hakancelik, @harjuky, @harpagon, @heimindanger, @helo, @heriadi, @hernandev, @hightouch, @howo, @hoxly, @hrock, @hsynterkr, @hui.zhao, @hyperspaceonline, @iamankit, @icaro, @idlebright, @igster, @iguazi123, @ikidnapmyself, @imlikett, @inertia, @institute, @jacobyu, @jakipatryk, @jakipatryk-dev, @jalasem, @jamzed, @jefft, @jefpatat, @jeonghckr7, @jes2850, @jestemkioskiem, @jlebrijo, @jm90mm, @jmsofarelli, @jnmarteau, @johnesan, @jrawsthorne, @juicer, @jungs, @justinadams, @kellyjanderson, @kennybll, @kirkins, @kizzbonez, @klye, @knowledges, @koinbot, @kryptonia, @kwlvarun, @kws4679, @lanmower, @leap8, @leebs1986, @letseat, @leventsane, @lightproject, @lopezdacruz, @lrmedia, @mafouani, @mahdiyari, @markangeltrueman, @martibis, @maxg, @maxse, @mburakolgun, @memeit.lol, @minnowhelperteam, @mkt, @modenacook, @moonrise, @morning, @mowilimi, @mungprik, 
@mys, @nareshbalaji, @newmoney32601, @nhj12311, @nicniezgrublem, @nikema, @nirgf, @nnnarvaez, @noisy2, @notaku, @ocdb, @okc, @olegn, @olo2552, @omeratagun, @orine, @oroger, @oudekaas, @oups, @overmedia, @pankajwahane, @paolobeneforti, @peerquery, @peneinc, @perduta, @pharesim, @planetenamek, @pranishg, @precise.bot, @predictev, @prenaio, @profchydon, @programminghub, @purec, @puzzledbytheweb, @qny37, @r351574nc3, @ragepeanut, @rahulsps, @ranamuneeb, @reazuliqbal, @recrack, @reggaemuffin, @resteemable, @revo, @rileyge, @rishi556, @robin-maki, @robinron, @ryanli827, @sahidmiller, @sailei1, @sakujo, @salajro, @sambillingham, @samrg472, @schererf, @scorum.community, @scottweston, @sdavignon, @sean0010, @sedatyildiz, @segyepark, @selected, @senku, @sevenfingers, @shango, @shaunmza, @shiningpil, @sidibeat, @sigmundfreud, @sircork, @sjworld, @skenan, @sly13, @smartsteem, @smjn, @snwolak, @soulast, @spmarkets, @steem4keys, @steemalien, @steemanswer, @steemcreate, @steemcurve, @steemdesk, @steemfair, @steemgigs, @steemhelper.com, @steemhunt, @steemic, @steemit-casino, @steemitgame.dev, @steemit.lol, @steemiz, @steempedia.com, @steempostitalia, @steempunknet, @steemraise, @steemvids, @stoodkev, @supahefty, @supergamer, @svosse, @sweever, @syedumair, @talhasch, @taskmanager, @tasteem, @t-bot, @techchat, @tensor, @testbed, @tevo200, @theoldnavy, @thiagosouza, @thornaci, @timothy-mee, @tonychch, @touhidalam69, @tpdns90321, @tray, @twittertipper, @ubg, @ukuleletutorials, @upheaver, @upmewhale, @utopian-io, @vallesleoruther, @vhinojosa, @walnut1, @wehmoen, @wonki33, @wordchase, @x30, @yabapmatt, @yulem, @zakiii, @zemso, @zenkly, @zombee, @zonguin, @zygibo

If you have any questions or concerns, feel free to discuss them with us on our Discord channel.

Don't forget to follow us @busy.org and use our platform https://busy.org if you like our work! You can help us too by voting for our witness here: @busy.witness

Thanks for reading!

Greg from the @busy.org team
