I think not, as THIS key resulted in the 'Error transferring etc....'
I am quite sure this key is NOT functional anymore.
That's the problem, you must be SURE it's not functional. It may not
work on your side (for whatever reason). Do not publish a private key - blurr
it!
I may open a ticket on BrickStore so Robert shows only few characters like for
credit card numbers like "x9Av6h........kUiom2" in this message bow,
so you're safe to take a snapshot.
One of these days someone WILL publish a functionnal key.
Then someone will come and upload Millenium Falcons UCS at 200€ brand new and
the shop will be closed for scam, and the owner will lose all PayPal fees in
refunding
I think not, as THIS key resulted in the 'Error transferring etc....'
I am quite sure this key is NOT functional anymore.
Please clarify what the harm could be.
To clarify this further... In essence an attacker can take the text of the private
key and then use it in their own access to BrickLink. This would mean they would
have access to whatever the key allows for the owner - in this case it will likely
mean access to the shop inventory.
More generally it's access to whatever the BrickLink API allows to be read
and written. So, in theory, they might be able to list items as if the owner
had listed them as suggested by 1001bricks (ie. spoofing the compromised account.)
Without knowing more about how BrickLink has implemented this, we really don't
know how large the attack model is. For example, assuming this key is not functional,
if the key was ever reused for another user the attacker can simply wait for
it to become live again. (This would be protected against if the username is
also sent along with the key when accessing the API.)
The team who are taking care of this area of BrickLink probably ought to consider
this issue - hopefully 1001bricks has raised a ticket.
Netherlands, Gelderland
France, Provence-Alpes-Côte d'Azur
United Kingdom, England