
Possible security concern in Use Payment Channels tutorial

Open DennisDawson opened this issue 2 years ago • 1 comments

[@ledhed2222] We were looking at the docs for payment channels. The tutorial recommends using channel_authorize here. I don’t think it should, since it represents a serious security issue unless the sender of the payment controls their own rippled node. The tutorial instead should recommend using the libraries/SDKs to sign the payment. In xrpl.js this is the authorizeChannel method.

DennisDawson, Mar 30 '23 21:03

On the other hand, if someone is willing to run their own rippled node, I'm strongly in favor!

Even without using channel_authorize, there are still other risks to using third-party rippled servers. It's always possible (even if exceedingly unlikely) that they will lie to you or deceive you in some way.

intelliot, Mar 31 '23 18:03
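
The local signing the issue asks for, as an added example (not code from the tutorial, rippled or xrpl.js): the claim is built and signed in-process with Node's built-in crypto, so the payload handed to the payee, or to a server for verification, carries no secret. It assumes an Ed25519 channel key and the XRPL claim serialization (`CLM\0` prefix, 32-byte channel ID, amount in drops as a big-endian uint64); the key pair and channel ID are constructed samples and the function names are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// XRPL hash prefix for payment channel claims: ASCII "CLM" followed by 0x00.
const CLAIM_PREFIX = Buffer.from('434C4D00', 'hex');

// Bytes that get signed: prefix || 32-byte channel ID || uint64 big-endian drops.
function encodeClaim(channelIdHex, drops) {
  if (!/^[0-9A-Fa-f]{64}$/.test(channelIdHex)) {
    throw new Error('channel ID must be 64 hex characters');
  }
  if (!/^[0-9]+$/.test(String(drops))) {
    throw new Error('amount must be a whole number of drops');
  }
  const amount = Buffer.alloc(8);
  amount.writeBigUInt64BE(BigInt(drops)); // throws if it does not fit in 64 bits
  return Buffer.concat([CLAIM_PREFIX, Buffer.from(channelIdHex, 'hex'), amount]);
}

// Sign in this process; the private key is never serialized into a request.
function signClaimLocally(privateKey, channelIdHex, drops) {
  const sig = nodeCrypto.sign(null, encodeClaim(channelIdHex, drops), privateKey);
  return sig.toString('hex').toUpperCase();
}

// Payee-side check: needs only public data.
function verifyClaim(publicKey, channelIdHex, drops, signatureHex) {
  const sig = Buffer.from(signatureHex, 'hex');
  return nodeCrypto.verify(null, encodeClaim(channelIdHex, drops), publicKey, sig);
}

// Everything that leaves the signer's machine: note there is no secret or seed field.
function buildClaimPayload(keyPair, channelIdHex, drops) {
  const rawPub = keyPair.publicKey.export({ format: 'der', type: 'spki' }).subarray(-32);
  return {
    channel_id: channelIdHex,
    amount: String(drops),
    public_key: 'ED' + rawPub.toString('hex').toUpperCase(), // XRPL Ed25519 key prefix
    signature: signClaimLocally(keyPair.privateKey, channelIdHex, drops),
  };
}

// Constructed sample data. A real channel key is derived from the account's seed;
// a fresh key pair stands in for it here.
const SAMPLE_KEYS = nodeCrypto.generateKeyPairSync('ed25519');
const SAMPLE_CHANNEL = 'AB'.repeat(32);
const SAMPLE_PAYLOAD = buildClaimPayload(SAMPLE_KEYS, SAMPLE_CHANNEL, '1000000');
console.log(SAMPLE_PAYLOAD);
```
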