Open MCozhusheck opened 7 months ago
JSON-RPC creates attack vectors where a hostile actor could send requests to this RPC. By communicating directly with the wallet daemon through IPC, we keep the JWT on the backend and just allow the main view (through the provider) to make calls and just return results to the tapplet. In this case tapplets need to delegate calls to the wallet daemon to the provider, which will ask users for permissions for the listed actions that it will obtain from the manifest.
This RFC describes how Tari Universe will integrate the wallet daemon.
Storing private keys and confidential data is a crucial part of Tari Universe. To ensure security we suggest adapting the wallet daemon from tari-dan with some changes regarding communication, where the tapplet and the wallet daemon communicate through IPC provided by the Tauri framework.
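
A sketch of the delegation flow described in this RFC, added here as an illustration and not taken from Tari Universe or tari-dan: a backend-side provider holds the JWT, forwards only actions that the tapplet manifest lists and the user approved, and returns results without the token. The names `Provider`, `CallError`, `wallet_daemon_ipc` and the action strings are hypothetical, and the daemon is a constructed stand-in.

```rust
use std::collections::HashSet;

#[derive(Debug, PartialEq)]
pub enum CallError {
    NotInManifest, // action was never declared by the tapplet
    NotGranted,    // declared, but the user has not approved it
}

/// Lives in the backend; the tapplet only ever sees `call` results.
pub struct Provider {
    jwt: String,               // wallet daemon token, never returned to the tapplet
    manifest: HashSet<String>, // actions listed in the tapplet manifest
    granted: HashSet<String>,  // subset the user approved
}

impl Provider {
    pub fn new(jwt: &str, manifest_actions: &[&str]) -> Self {
        Provider {
            jwt: jwt.to_string(),
            manifest: manifest_actions.iter().map(|a| a.to_string()).collect(),
            granted: HashSet::new(),
        }
    }

    /// Ask the user about each action the manifest lists; `prompt` stands in for the UI dialog.
    pub fn request_permissions(&mut self, prompt: impl Fn(&str) -> bool) {
        self.granted = self.manifest.iter().filter(|a| prompt(a.as_str())).cloned().collect();
    }

    /// Entry point for a delegated tapplet call: deny by default, forward only approved actions.
    pub fn call(&self, action: &str, params: &str) -> Result<String, CallError> {
        if !self.manifest.contains(action) { return Err(CallError::NotInManifest); }
        if !self.granted.contains(action) { return Err(CallError::NotGranted); }
        Ok(wallet_daemon_ipc(&self.jwt, action, params))
    }
}

/// Constructed stand-in for the wallet daemon reached over IPC (not the tari-dan API).
fn wallet_daemon_ipc(jwt: &str, action: &str, params: &str) -> String {
    assert!(!jwt.is_empty(), "daemon requires a token");
    format!("{{\"action\":\"{}\",\"params\":{},\"status\":\"ok\"}}", action, params)
}

fn main() {
    let mut p = Provider::new("constructed-jwt", &["get_balance", "transfer"]);
    p.request_permissions(|a| a == "get_balance");
    println!("{:?}", p.call("get_balance", "{}"));
    println!("{:?}", p.call("transfer", "{}"));
}
```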