Using MetaMask (or other wallet app) as authentication?

heya

possibly related more to web3 in general, but

when connecting your wallet extension to a website, how secure is this connection and is it something that could potentially be spoofed?
i.e. does the connection require signing something with your private keys, or can anyone with a public key claim to be a wallet’s owner when ‘connecting’?

I’m thinking of using wallet extensions as a form of login for a (hypothetical) project of mine.

Right now I’m leaning towards generating a private/public key and having the user send the public key to a contract, after which the private key (& sender address) could be used to log in.
This’d mean there’d be some gas fees for the user and the whole wallet connection would be out of the equation, too :stuck_out_tongue:

There possibly are some examples out there already, my apologies if this is a duplicate issue.
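
As an added example (not part of the original post): the scheme described above, a registered public key plus login with the private key, run as a challenge-response so that knowing the public key alone is not enough to log in. The `registry` map standing in for the contract, the function names, the message format and `example.invalid` are assumptions; it uses Node's built-in ECDSA over SHA-256, not a wallet extension's signing format.

```javascript
const nodeCrypto = require('node:crypto');

// Hypothetical stand-ins: `registry` plays the contract that stores each
// account's public key; `pending` holds one outstanding challenge per account.
const registry = new Map();
const pending = new Map();

function register(account, publicKey) {
  registry.set(account, publicKey);
}

// Server: issue a fresh random challenge bound to this site and account.
function issueChallenge(account) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  const message = `login to example.invalid as ${account} nonce ${nonce}`;
  pending.set(account, message);
  return message;
}

// Client: only the holder of the private key can produce this signature.
function signChallenge(message, privateKey) {
  return nodeCrypto.sign('sha256', Buffer.from(message), privateKey);
}

// Server: verify against the registered key and burn the challenge.
function login(account, signature) {
  const message = pending.get(account);
  const publicKey = registry.get(account);
  pending.delete(account); // single use, even when verification fails
  if (!message || !publicKey) return false;
  return nodeCrypto.verify('sha256', Buffer.from(message), publicKey, signature);
}

// Constructed demo: the key owner, and an impostor who knows only the
// account name and the registered public key.
function demo() {
  const owner = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const impostor = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  register('alice', owner.publicKey);
  const sig = signChallenge(issueChallenge('alice'), owner.privateKey);
  const ok = login('alice', sig);
  const replay = login('alice', sig); // challenge already consumed
  issueChallenge('alice');
  const replayNew = login('alice', sig); // old signature, new challenge
  const forged = login('alice', signChallenge(issueChallenge('alice'), impostor.privateKey));
  return { ok, replay, replayNew, forged };
}
```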