commit db90efdfd2834e8c87aa03720874734af040ae6b parent b84fc2e45cf8ccaa11d94baec6fc5725d0276f42 Author: Florian Dold <florian@dold.me> Date: Mon, 29 Apr 2024 18:02:45 +0200 security considerations Diffstat:
| M | core/api-bank-wire.rst | | | 16 | ++++++++++++++++ |
1 file changed, 16 insertions(+), 0 deletions(-)
diff --git a/core/api-bank-wire.rst b/core/api-bank-wire.rst
@@ -434,3 +434,19 @@ exposed by bank gateways in production.
 // It is different from the /history endpoints row_id.
 row_id: SafeUint64;
 }
+
+
+Security Considerations
+=======================
+
+For implementors:
+* The withdrawal operation ID must contain enough entropy to be unguessable.
+
+Design:
+* The user must complete the 2FA step of the withdrawal in the context of their banking
+ app or online banking Website.
+ We explicitly reject any design where the user would have to enter a confirmation code
+ they get from their bank in the context of the wallet, as this would teach and normalize
+ bad security habits.
+
+