We have two dApps: one is on the domain https://example.com and the other is on https://sub.example.com. They are very basic apps which utilize Blocknative @web3-onboard. So is it even possible, when a user has been connected to our dApp (let's say with some Metamask wallet), on some kind of redirect, to transfer that data from one domain to another and skip the whole connection process, and furthermore, is this a possible security issue?
No, this is not possible, as it's a complete security breach if it happens. When the transaction is signed in a wallet (like Metamask), the actual process of executing the transaction is done by the private key of the wallet, which is responsible for encrypting the transaction data and signing it.
If the private key is stored somewhere in the database, then the transaction can be signed behind the scenes using a backend process. But storing the private keys of the wallets on the server side is not recommended and can lead to a security breach in the platform.
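
An added example (not part of the original answer and not web3-onboard code) of how the page on https://sub.example.com can treat an address passed along on a redirect: as an untrusted hint that is checked against what the wallet exposes to that origin through the EIP-1193 `eth_accounts` call, which never prompts. The wallet here is a constructed mock that records approval per origin, and `makeMockWallet`, `resumeSession` and the `address` query parameter are hypothetical names.

```javascript
// Constructed mock of an EIP-1193 wallet provider (not a real wallet).
// It records user approval per origin, so each origin sees only its own grant.
function makeMockWallet(accounts) {
  const approvedOrigins = new Set();
  return {
    forOrigin(origin) {
      return {
        async request({ method }) {
          if (method === 'eth_requestAccounts') {
            approvedOrigins.add(origin); // stands in for the user clicking "Connect"
            return [...accounts];
          }
          if (method === 'eth_accounts') {
            // Never prompts: empty unless this exact origin was approved.
            return approvedOrigins.has(origin) ? [...accounts] : [];
          }
          throw new Error('unsupported method: ' + method);
        },
      };
    },
  };
}

// Hypothetical helper run on the page that receives the redirect.
// The address in the URL is only a hint; the wallet's answer is authoritative.
async function resumeSession(provider, redirectUrl) {
  const hint = new URL(redirectUrl).searchParams.get('address');
  const accounts = await provider.request({ method: 'eth_accounts' });
  if (accounts.length === 0) {
    return { connected: false, reason: 'origin-not-approved' };
  }
  const match = accounts.find(
    (a) => hint !== null && a.toLowerCase() === hint.toLowerCase()
  );
  return match
    ? { connected: true, address: match }
    : { connected: false, reason: 'address-mismatch' };
}
```

In the mock, approval given on https://example.com leaves `eth_accounts` empty for https://sub.example.com until the user approves that origin as well.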