subotai icon indicating copy to clipboard operation
subotai copied to clipboard

Published 20 hours ago verified publisher icon PabloMansanet

Security / Privileges

Open Boscop opened this issue 9 years ago • 3 comments

How can I prevent someone from connecting to my subotai network with a malicious client and manipulating the stored data? Is there a way to have privileges for a node?

Boscop avatar Nov 15 '16 22:11 Boscop

Hello Boscop :)

At the moment the storage system is accumulative; there is no way to remove an entry from the table other than via its renewable expiration time. This means there shouldn't be, in principle, a way for a malicious node to remove any stored data. However, there's nothing stopping a node from adding its own data to a particular key. When retrieving data from a given key, you will receive all entries associated with it; these have independent expiration times and will eventually disappear unless renewed explicitly.

Encrypting, decrypting and/or otherwise validating the stored data should then be a responsibility of the layer above, for the time being. Of course the project is in an early stage (haven't had time to tackle the issue with NAT traversal yet) so I don't discard making some improvements in that area soon.

PabloMansanet avatar Nov 16 '16 09:11 PabloMansanet

I would like to use subotai to build a decentralized messenging service. It would be really useful to have a way to restrict write access to certain values, like a user's private key. Otherwise users can be impersonated by replacing the private keys.

Boscop avatar Jan 06 '17 02:01 Boscop

Hello again Boscop,

I've been tied up with another project lately, but I will pick up the pace with Subotai development towards the end of this month. I'll bee looking forward to collaborate with you to get that feature into the network. Thanks for your interest!

PabloMansanet avatar Jan 09 '17 09:01 PabloMansanet