Is your feature request related to a problem? Please describe.
Swapsteem deals with sensitive private information like payment details ( bank account details, crypto wallet addresses etc) to facilitate smooth trade, however it is not a safe practice to store such information centrally and unencrypted. We want a way to secure the system such that only the traders involved in trade can view each other's payment details and no one else.
Describe the solution you'd like
Currently payment details are stored in our centralized database whenever a listing/order is created. The details are also not encrypted before sending to the server and vice versa. We want to remove the need to provide payment details beforehand and make the system such that payment details are shared P2P once a trade is approved by the traders and the agent. The payment details can be shared with an encrypted custom_json transaction or transfer with encrypted steem memo
Describe alternatives you've considered
We can reuse the current flow and encrypt the payment details before storing and retrieving from the database, but this practice is not advised.
Additional context
It's a security related enhancement. Priority : High
bunyy
commented
2 years ago
Is your feature request related to a problem? Please describe. Swapsteem deals with sensitive private information like payment details ( bank account details, crypto wallet addresses etc) to facilitate smooth trade, however it is not a safe practice to store such information centrally and unencrypted. We want a way to secure the system such that only the traders involved in trade can view each other's payment details and no one else.
Describe the solution you'd like Currently payment details are stored in our centralized database whenever a listing/order is created. The details are also not encrypted before sending to the server and vice versa. We want to remove the need to provide payment details beforehand and make the system such that payment details are shared P2P once a trade is approved by the traders and the agent. The payment details can be shared with an encrypted custom_json transaction or transfer with encrypted steem memo Describe alternatives you've considered We can reuse the current flow and encrypt the payment details before storing and retrieving from the database, but this practice is not advised. Additional context It's a security related enhancement. Priority : High