You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Each query in db3 needs to be signed with the user's private key. It has a poor user experience and some potential security issues, so I propose a new protocol that the signature is required only when opening the session and closing the session.
the protocol has the following steps
open a query session with the user's signature
the node checks the validity of the signature and returns a session token
the SDK sends queries to the node with a valid token
when the session reaches its limit of query count, the SDK closes the session with the user's signature
Solution
Security
Alternatives
Additional context
How did the others solve this problem
the graph, their use an API token to solve this problem in a centralized way
imotai
changed the title
WIP: Propose a new query session protocol to avoid sigining every request
WIP: Propose a new query session protocol to avoid signing every request
Nov 23, 2022
Motivations
Each query in db3 needs to be signed with the user's private key. It has a poor user experience and some potential security issues, so I propose a new protocol that the signature is required only when opening the session and closing the session.
![new_query_session_protocol](https://user-images.githubusercontent.com/8623385/203764531-bb7418c2-3271-4bf7-a86d-bbb38bc072e2.png)
the protocol has the following steps
Solution
Security
Alternatives
Additional context
How did the others solve this problem
Discussion
Status
The text was updated successfully, but these errors were encountered: