Potential security risk with Demo testing Experts with AI websites.

 

Hi

I just tested an Expert demo, then realized this can be an extreme security risk.

Some of the demos are now connecting to AI websites directly. In the MQL language, you can request account information. This data can now be sent to AI websites; if the developer is malicious, this is extremely dangerous information to take from your account. Are MQL4 and MetaTrader protecting users against this?

 
a_molchanoff:

Hi

I just tested an Expert demo, then realized this can be an extreme security risk.

Some of the demos are now connecting to AI websites directly. In the MQL language, you can request account information. This data can now be sent to AI websites; if the developer is malicious, this is extremely dangerous information to take from your account. Are MQL4 and MetaTrader protecting users against this?

Rules of Using the Market Service state that:

"6. The Seller shall not integrate and apply any third-party sales, accounting, license control and update management systems (including the ones using WebRequest features) in Products."; and...

"10. The Product must not:

  • Include links to third-party resources."

If the Market validator missed something, report it to the Service Desk.

 
a_molchanoff:

Hi

I just tested an Expert demo, then realized this can be an extreme security risk.

Some of the demos are now connecting to AI websites directly. In the MQL language, you can request account information. This data can now be sent to AI websites; if the developer is malicious, this is extremely dangerous information to take from your account. Are MQL4 and MetaTrader protecting users against this?

I hardly see what account information can be so "extremely dangerous"? It's very strong wording.

Besides that, WebRequest calls will only work if you allow them (adding the "URL" manually to the authorized list). So nothing can be done without the user's agreement.
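
A check for the allowed-URL behaviour described in the reply above, as an added MQL4 script that is not part of any post in this thread. The URL is a constructed placeholder that should not be in the terminal's allowed list, and 4060 is assumed to be the MQL4 "function not allowed" error code returned in that case.

```mql4
#property strict
// Added example, not code from the thread. Run it as a script on a chart.
// It sends no account data: the request is a GET with an empty body.

void OnStart()
  {
   // Read-only view of what any EA attached to this account can query
   // without knowing the account password.
   Print("Readable by any EA: number=", AccountNumber(),
         " name=", AccountName(),
         " server=", AccountServer(),
         " company=", AccountCompany());

   // Constructed placeholder URL. Keep it OUT of the allowed list
   // (Tools > Options > Expert Advisors) so the block can be observed.
   string url = "https://example.com/";
   char   body[];          // empty request body
   char   reply[];         // response body, unused here
   string reply_headers;

   ResetLastError();
   int status = WebRequest("GET", url, NULL, 5000, body, reply, reply_headers);
   int err    = GetLastError();

   if(status != -1)
     {
      // The call went out, so this URL is currently allowed.
      Print("NOT blocked: ", url, " answered with HTTP status ", status,
            ". Remove it from the allowed list if you did not add it yourself.");
     }
   else if(err == 4060)
     {
      // Assumed code for "function not allowed": the URL is not in the list.
      Print("Blocked by the terminal: ", url, " is not in the allowed URL list.");
     }
   else
     {
      // Any other code (network failure, timeout) says nothing about the list.
      Print("Request failed for another reason, error code ", err,
            ". This result does not confirm or rule out the block.");
     }
  }
```

The same script can be pointed at a URL an EA's instructions ask you to allow, to see what the terminal permits before and after you add it.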

[Deleted]  

Some developers ask for an account number (which only your account can use), but they don't have your account password so it's still safe.

 
Ryan L Johnson #:

Rules of Using the Market Service state that:

"6. The Seller shall not integrate and apply any third-party sales, accounting, license control and update management systems (including the ones using WebRequest features) in Products."; and...

"10. The Product must not:

  • Include links to third-party resources."

If the Market validator missed something, report it to the Service Desk.

Yeah, but I think that AI features of several EAs on the marketplace would be considered as a "third party resource"; however, I can count at least 1 handful on the marketplace first screen I was looking at just today that "spruiked" links to multiple AI live analysis resources.
 
Ryan L Johnson #:

The Seller shall not integrate and apply any third-party sales, accounting, license control and update management systems (including the ones using WebRequest features) in Products."; and...

"10. The Product must not:

  • Include links to third-par

Hi, thank you all for the responses.

In testing the demo of an expert in the marketplace, I didn't need to give access to OpenAI, but reading the instructions, this is required.

How does the demo work if it does not have access to the OpenAI website that is needed in part of the setup?

Using the following code, I could load my account name, server, etc. from backtesting, and I assume that experts that I demo or purchase can view this data as well.

   Print("Account Name: ", AccountName());
   Print("Account Server: ", AccountServer());

If this information is getting sent back to OpenAI, OpenAI has the ability to store data.


This data can be misused.

  • AccountName
  • AccountServer

Is this accessible from paid Experts and free-to-test demos, or is the data encrypted/changed?

The reason why I ask this is that one of the experts worked great in the demo, but I am worried about it stealing my account information.

Sorry that I am paranoid about such things; I am a financial programmer and have to worry about these types of issues daily.
 
a_molchanoff #:

Is this accessible from paid Experts and free-to-test demos, or is the data encrypted/changed?

The reason why I ask this is that one of the experts worked great in the demo, but I am worried about it stealing my account information.

Sorry that I am paranoid about such things; I am a financial programmer and have to worry about these types of issues daily.

If the use of the EA requires you to input your trading account title and password, then, if it were me, I would be opening a ticket to support to tell them about that EA.

However, as you were already informed -- if your password is not demanded, then your account is safe.

 
Michael Charles Schefe #:

If the use of the EA requires you to input your trading account title and password, then, if it were me, I would be opening a ticket to support to tell them about that EA.

However, as you were already informed -- if your password is not demanded, then your account is safe.

I really can't see why an MQL5 Market Seller would need an account name or account number. The MQL5 Market system automatically restricts usage to the given Buyer.

In "off-Market" sales, a seller does need account name and/or account number in order to hard code that restriction into the software (assuming that remote licensing/WebRequest is not used).

Even so, trading fund/pool operators regularly share their account numbers and investor passwords (not master passwords) without issue.

If your broker supports 2 factor authentication in MT5, that should end this alleged account security debate.

 
Ryan L Johnson #:

I really can't see why an MQL5 Market Seller would need an account name or account number. The MQL5 Market system automatically restricts usage to the given Buyer.

In "off-Market" sales, a seller does need account name and/or account number in order to hard code that restriction into the software (assuming that remote licensing/WebRequest is not used).

Even so, trading fund/pool operators regularly share their account numbers and investor passwords (not master passwords) without issue.

If your broker supports 2 factor authentication in MT5, that should end this alleged account security debate.

Ok