author Florian Dold <florian@dold.me> 2024-04-29 18:02:45 +0200
committer Florian Dold <florian@dold.me> 2024-04-29 18:02:45 +0200
commit db90efdfd2834e8c87aa03720874734af040ae6b (patch)
tree c42893b4a36d4838312d3ed36fb353265862b8d5
parent b84fc2e45cf8ccaa11d94baec6fc5725d0276f42 (diff)
security considerations
-rw-r--r-- core/api-bank-wire.rst | 16
1 file changed, 16 insertions, 0 deletions
diff --git a/core/api-bank-wire.rst b/core/api-bank-wire.rst
index 524a152a..34658f01 100644
--- a/core/api-bank-wire.rst
+++ b/core/api-bank-wire.rst
@@ -434,3 +434,19 @@ exposed by bank gateways in production.
// It is different from the /history endpoints row_id.
row_id: SafeUint64;
}
+
+
+Security Considerations
+=======================
+
+For implementors:
+* The withdrawal operation ID must contain enough entropy to be unguessable.
+
+Design:
+* The user must complete the 2FA step of the withdrawal in the context of their banking
+ app or online banking Website.
+ We explicitly reject any design where the user would have to enter a confirmation code
+ they get from their bank in the context of the wallet, as this would teach and normalize
+ bad security habits.
+
+
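Review bot: The two bullet lists in this hunk will not render as lists: reStructuredText requires a blank line between a paragraph ("For implementors:", "Design:") and the bullet that follows it, so as written the "*" lines become paragraph continuation text, and the wrapped lines under the "Design" bullet are indented by one space where docutils expects them aligned with the bullet text (two spaces), which produces an "unexpected indentation" warning. Suggest inserting a blank line after each of "For implementors:" and "Design:" and indenting the continuation lines by two spaces; the two trailing empty lines at the end of the file can be dropped as well. Separately, "enough entropy to be unguessable" is too vague to check an implementation against: state a concrete minimum for the withdrawal operation ID, for example at least 128 bits drawn from a cryptographically secure random generator, so implementors and reviewers have a testable requirement.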