A nice use of the blockchain is to verify website ownership. This is somewhat easy to accomplish via a hash generation mapped to an address and website URL on the blockchain, and then a front-end check for that hash (via JS) of the websites source code meta data. Some simple JS could look for this hash and confirm, at least on a DApp front-end, that a certain address owns the website they are claiming to own. My question is, what is the security limitations of doing this hash verify check through JS? Is there a way to spoof the system? I don't see many, unless the DApp JS code was compromised itself, then perhaps someone could make sites verified when they are not. But if the DApp is open source, and JS code monitored, I don't see too many issues with this. As a potentially more secure alternative, the hash verifier could be a file, google does something similar to verify websites, and then to verify, the JS code looks for website_url/hash_verifier.html, and reads through the file to verify the website. This way only the owner could really make that addition, with that hash.
Anyways, Cheers!
3 ·
Comments