Comments (4)
Let me pile on another data validation question: How do we validate data when syncing with another peer?
In regards to the original question: Someday js-ipfs will be mature enough to allow the client to store their own data in the browser and use a server as a WebRTC gateway to sync with other peers. Until then we can use OrbitDB in the backend and have the server act as an oracle.
from field-manual.
@zbyte64 PouchDB stores data in the browser and can use PeerPouch to replicate data over WebRTC. Also, CouchDB (which can sync with PouchDB) allows you to add validation rules (written in js) inside the database itself. When the data is replicated to other servers in the cluster, the data is checked against these rules. Something similar to that on IPFS would be cool ;)
from field-manual.
but how would i prevent malicious users from spamming the application if i canโt perform server-side validation?
Short answer, in a strictly P2P sense, you can't. Just like you can't actually prevent them from spamming your validation server. I think what you were driving at though was an intermediary that could play referee.
Here I can point to two ideas:
- The library itself. This only works for actors that are using the library; most people will be using libraries that follow the "play nicely" rules. One of those rules is enforcing message validation before blasting it out to all the peers; others could be honoring message rates/bandwidth consumption limits.
Users that try and bypass the library and go direct will most likely be able to get messages sent to all the connected peers. The peers will validate these messages before applying the message and likely reject the request (assuming it's invalid).
But the malicious user can make the peers work. I'm hoping orbit-db has something similar to the bitSwap algorithm for punishing peers issuing spam and eventually severing connections with that peer.
- Put servers in the middle.
At the application level create two channels; one channel listens directly to the public channel that only a few "server" peers can update, while other channel is a private messaging channel to a "server" peer. These "servers" get messages from clients; validate it; then repeat it on the public channels.
Again a malicious attacker can make the servers work; hopefully getting banned from the channel if it's malicious.
from field-manual.
Moving to the Field Manual to go into more detail
from field-manual.
Related Issues (20)
- How does OrbitDB update the heads (tails?) (oplog?) on immutable IPFS HOT 3
- Error: No resolver found for codec "undefined" HOT 3
- Update Code Snippets to latest js-IPFS HOT 1
- Publishing Options
- Chapter on customizing OrbitDB HOT 2
- Ipfs.node.dag.get fails in Chapter 2 of the tutorial HOT 9
- TypeError: Cannot read property 'length' of undefined HOT 2
- 01_Basics.md: why do you use window.something for a nodeJS code? HOT 3
- [01_Tutorial/02_Managing_Data.md]: using await in node REPL HOT 2
- In `04_P2P_Part_1`, `NPP.connectToPeer` got `Error: Circuit relay dial failed as addresses did not have peer id` HOT 6
- field-manual/1-Basics outdated? HOT 6
- In 01_Tutorial I have some confusion
- Code example in 02 Managing Data errors
- IPFS Codecs issue HOT 1
- Outdated Tutorial [Chapter 1 & 2]
- Replication when 2 orbitdb apps connected to a single node IPFS does not work HOT 2
- Scaling database is not clear from the manual
- Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: No "exports" main defined in package.json HOT 2
- Database is not replicating in browser, Error(PublishError.InsufficientPeers)
- SQL standards
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from field-manual.