This commit is contained in:
alsere1 2024-06-14 11:28:09 +02:00 committed by GitHub
parent c32cbf91e1
commit c4130c6876
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -488,7 +488,7 @@ Metadata refers mainly to the embedded picture, motion pictures and other conten
There are two main security concerns that may arise here:
* One is that the URI where the image (or motion picture) is located might not be trustworthy. It can just be a randomly selected centralized service, on one hand there is no guarantee of availability, on the other hand the project team can modify the images at will, thus the NFT will no longer become an immutable "digital collectible". Generally it's recommended to use centralized storage solutions such as IPFS, Arweave, and select a well-known URI gateway service.
* One is that the URI where the image (or motion picture) is located might not be trustworthy. It can just be a randomly selected centralized service, on one hand there is no guarantee of availability, on the other hand the project team can modify the images at will, thus the NFT will no longer become an immutable "digital collectible". Generally it's recommended to use decentralized storage solutions such as IPFS, Arweave, and select a well-known URI gateway service.
* Another is the potential for privacy leakage. A randomly selected URI service might capture user's basic information (such as IP, User-Agent, etc)
Signing security is another big concern here, and we will illustrate it below.