RE: Introducing SportsPredictSocial, predict results of upcoming sport events and get rewarded with SPORTS tokens
You are viewing a single comment's thread:
@leedsunited thank you for pointing out a very real security issue on login. This was an oversight as the testing for it was completed on the direct server and it appears that @gotgame hasn't reset the certificate to work at sportspredictsocial.com vs the heroku app. The direct server can be used with SSL at https://sportspredictsocial.herokuapp.com/login.html.
Even with a secured login page I agree there needs to be additional login options made available. Right now you can use a posting key (what I tested the service with) to make posts but you're still submitting that to @gotgame's servers. I've asked that Steem Keychain and/or Steemconnect be utilized for login in the future and anticipate that as one of the first software updates.
All this being said the site does work for creating predictions albeit still needing lots of work to be fully ready for regular users. I've personally been able to submit a prediction via an alt account that I tested with. Unfortunately it still has issues at the time where I was able to select far too many outcomes including opposite sides of the same matchup but none the less the progress @gotgame has made since first telling me about it has been amazing.
As for the upcoming payments for predictions I believe that stems from some of my suggestions off my initial usage of the app. I had recommend that there be a second mode with a running pot that users would have to submit daily matches for. If they get one wrong then they're out for that season. I suggested to let users pay a burn fee to skip a daily prediction in that mode and thus they could move to the next day if they weren't sure who would win. I assume this was what he was referencing in this announcement as my understanding was that the regular prediction upvote system was going to be a free system. I won't speculate too much here though because it's up to @gotgame how he'd like to run his app.
Thanks Patrick. I think that sometimes things get lost in translation a little so I am hesitant to condemn but even with the purest of intentions, the issue of posting keys into a website is a very dangerous thing to do.
I hope @gotgame gets these issued sorted and can come up with a secure and viable product.