The generic signing method in Alby is a major security vulnerability. People don't know what they're signing or how much. We need a dedicated signBitcoinTransaction method.
Login to reply
Replies (2)
I apologize for my ignorance, but what is wrong with that?
that basically says the user is a security vulnerability or we have a too complicated system where users need to sign events that they don't understand? :) (at the same time users complain they get asked too much) and any signing prompt is imo better than handing over the private key.
generally the user needs a bit of trust in the webapp. otherwise signing something is never a good idea imo.
I think there is a signPsbt function.