Questions about data validation #100
Comments
|
Let me pile on another data validation question: How do we validate data when syncing with another peer? In regards to the original question: Someday js-ipfs will be mature enough to allow the client to store their own data in the browser and use a server as a WebRTC gateway to sync with other peers. Until then we can use OrbitDB in the backend and have the server act as an oracle. |
|
@zbyte64 PouchDB stores data in the browser and can use PeerPouch to replicate data over WebRTC. Also, CouchDB (which can sync with PouchDB) allows you to add validation rules (written in js) inside the database itself. When the data is replicated to other servers in the cluster, the data is checked against these rules. Something similar to that on IPFS would be cool ;) |
Short answer, in a strictly P2P sense, you can't. Just like you can't actually prevent them from spamming your validation server. I think what you were driving at though was an intermediary that could play referee. Here I can point to two ideas:
Users that try and bypass the library and go direct will most likely be able to get messages sent to all the connected peers. The peers will validate these messages before applying the message and likely reject the request (assuming it's invalid).
Again a malicious attacker can make the servers work; hopefully getting banned from the channel if it's malicious. |
|
Moving to the Field Manual to go into more detail |
hi there! I have a P2P app that i want to build and i’ve recently stumbled across OrbitDB. I’m new to all this p2p stuff and i’m confused about how data validation works using a client-side db. I’m familiar with using public key cryptography to sign and verify transactions, but how would i prevent malicious users from spamming the application if i can’t perform server-side validation? Wouldn’t i need some sort of smart contract? Thanks.
The text was updated successfully, but these errors were encountered: