trustchain.db is storing blocks from other apps which makes DOS attacks possible #80
Comments
|
This is indeed the current behaviour. You can overcome this attack vector by validating blocks before they're saved. |
|
Thx for quick reply. Do I have to subclass the TrustChainCommunity, rewrite the class itself or are there better posibilities? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I discovered that also blocks from other apps, peerchat in my case, are stored in the database.
Not aware that this might happen I tried to unpack the transaction, which results in a crash.
What I had to do is to check block.type before unpacking.
What I can also do is to change the serviceId for the TrustChainCommunity, but as we are also open source, this serviceId is also addressable by other apps. What I fear is that someone can use DOS attacks to make the db explode (no disk space left).
Am I missing something?
I would rather add an encrypted API key in the blocks, so that the app can check if this block comes from the same app and only store those blocks.
The text was updated successfully, but these errors were encountered: