[Question] Security and storage

[skyne98]

Hello there, guys!

I am very curious about the security and storage of your DB. As far as I can see, you can give write permissions. However, I am curious about one particular scenario. Let's say, I have a central server that is the main authority. It is designed to be as unimportant and as lightweight as possible, so most of the heavy lifting is done via the p2p data sharing.

1. The main idea initially was: give write permission to the main server only, leaving everyone basically read-only, while it is offline. However, it sounds too constraining. Are there any other possibilities or better battle-tested patterns? And, also, how secure will the whole system be?

2. Storage. Let's imagine I am creating Twitter-like service. Each user, message, and other data are stored on the distributed DB, which is the most intuitive way of achieving that. However, it makes me doubt about how feasible this tactic will be on mobile devices, with very limited data bandwidth and RAM. So, the question is, how is data being stored on the network? Does every user download and own the whole database? Or is it smartly split-up into chunks?

3. Does every user pin and host the database?

Sometimes I start to think that using some hand-written system, written on top of some WebRTC DHT, such as KAD.js might be overall more secure and simple to track problems in. For example, giving the main server a public-private key pair, which will allow it to sign some data pieces, that would be then stored on the client's side. However, it creates a question about data accessibility and sharing.

Thanks!

[aphelionz]

Moving to the Field Manual repo for more details / discussion