In "Can anybody Point out the Difference between Web3.eth.sendTransaction and web3.eth.signTransaction?", the author of https://ethereum.stackexchange.com/a/73705/61096 mentions how unlocking an account in code is not a good idea and proceeds to sign a transaction using the private key directly. But why is using the private key better than unlocking the account?
-
Because if somebody hacks the node which maintains your unlocked account, then they can exploit your account at will. – goodvibration Jun 10 '20 at 15:12
-
BTW, the author of that question does not mention such a thing! – goodvibration Jun 10 '20 at 15:14
-
My bad. I meant your answer on that question. However, wouldn't hacking our node with this application code (the one that unlocks using private key) also allow them to exploit the account at will? – darkknight97 Jun 10 '20 at 15:26
-
You don't have to keep your private key in the application code. You can, for example, encrypt it with a password, which the owner of the private key will enter each time he or she wants to perform the transaction (a luxury which you lack when keeping your account unlocked on the remote node). – goodvibration Jun 10 '20 at 15:30
-
I'm not an expert in security though, so you might wanna consult on that in the appropriate forum. – goodvibration Jun 10 '20 at 15:41
-
I was simply curious how the manual signing with private key could be better. So it's cool – darkknight97 Jun 10 '20 at 15:48
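
The approach described in the comments above (keep the private key encrypted under a password and decrypt it only at the moment a transaction is signed), as an added example that is not part of the original thread. The function names and the sample key are assumptions; Node's built-in `crypto` module stands in for a wallet keystore, and the callback is where a call such as `web3.eth.accounts.signTransaction(tx, privateKey)` would go.

```javascript
// Added example (not from the thread): password-wrapped private key,
// decrypted only for the duration of one signing call.
const crypto = require("node:crypto");

// Constructed sample key (32 bytes of 0x11); never a real account key.
const SAMPLE_KEY_HEX = "11".repeat(32);

// Encrypt the raw key under a key derived from the owner's password
// (scrypt for key derivation, AES-256-GCM for authenticated encryption).
function encryptKey(privateKeyHex, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const kek = crypto.scryptSync(password, salt, 32);
  const cipher = crypto.createCipheriv("aes-256-gcm", kek, iv);
  const ct = Buffer.concat([
    cipher.update(Buffer.from(privateKeyHex, "hex")),
    cipher.final(),
  ]);
  kek.fill(0);
  return {
    kdf: "scrypt",
    cipher: "aes-256-gcm",
    salt: salt.toString("hex"),
    iv: iv.toString("hex"),
    tag: cipher.getAuthTag().toString("hex"),
    ct: ct.toString("hex"),
  };
}

// Decrypt, hand the key to `useKey` (the signing step), then wipe the buffers.
// A wrong password or a tampered record fails the GCM tag check and throws,
// so nothing can be signed without the owner's password.
function withDecryptedKey(record, password, useKey) {
  const kek = crypto.scryptSync(password, Buffer.from(record.salt, "hex"), 32);
  const decipher = crypto.createDecipheriv("aes-256-gcm", kek, Buffer.from(record.iv, "hex"));
  decipher.setAuthTag(Buffer.from(record.tag, "hex"));
  let key;
  try {
    key = Buffer.concat([decipher.update(Buffer.from(record.ct, "hex")), decipher.final()]);
    return useKey(key);
  } finally {
    kek.fill(0);
    if (key) key.fill(0);
  }
}
```

Only the encrypted record needs to be stored with the application; unlike an unlocked account on a node, the plaintext key exists in memory only while the callback runs.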