kotlin-ipv8
trustchain.db is storing blocks from other apps which makes DOS attacks possible
I discovered that blocks from other apps, peerchat in my case, are also stored in the database.
Not aware that this might happen, I tried to unpack the transaction, which resulted in a crash.
What I had to do is to check block.type before unpacking. What I can also do is to change the serviceId for the TrustChainCommunity, but as we are also open source, this serviceId is also addressable by other apps. What I fear is that someone can use DOS attacks to make the db explode (no disk space left).
Am I missing something? I would rather add an encrypted API key in the blocks, so that the app can check if this block comes from the same app and only store those blocks.
This is indeed the current behaviour. You can overcome this attack vector by validating blocks before they're saved.
Thx for quick reply. I initialize the trustchain as follows; in this case I can only validate our own specific blocks.
trustchain.registerTransactionValidator(Backend.BLOCK_TYPE, object : TransactionValidator {
Do I have to subclass the TrustChainCommunity, rewrite the class itself, or are there better possibilities? Sry for asking noob questions, but I started with Kotlin 2 weeks ago. I am more the C/C++/C# guy ;-)
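The two checks raised in this thread (look at the block type before unpacking, and reject unwanted blocks before they are saved), shown as an added stand-alone Kotlin example that is not part of the original posts and is not kotlin-ipv8 code. `Block`, `BlockGate`, `unpackAmount`, the block type names and the limits are hypothetical and model the idea only; the size and per-key limits are assumptions added to bound disk use.

```kotlin
// Added example: stand-alone model, not the kotlin-ipv8 API. All names are hypothetical.
class Block(val type: String, val publicKey: String, val rawTransaction: ByteArray)

class BlockGate(
    private val allowedTypes: Set<String>,
    private val maxTransactionBytes: Int,
    private val maxBlocksPerKey: Int
) {
    private val stored = mutableListOf<Block>()
    private val perKey = mutableMapOf<String, Int>()

    /** Returns true only if the block passed every check and was stored. */
    fun offer(block: Block): Boolean {
        if (block.type !in allowedTypes) return false                      // another app's block type
        if (block.rawTransaction.size > maxTransactionBytes) return false  // oversized payload
        val count = perKey.getOrDefault(block.publicKey, 0)
        if (count >= maxBlocksPerKey) return false                         // bounds what one key can consume
        perKey[block.publicKey] = count + 1
        stored.add(block)
        return true
    }

    fun size(): Int = stored.size
}

/** Unpacks only blocks of the expected type; returns null instead of throwing. */
fun unpackAmount(block: Block, expectedType: String): Long? {
    if (block.type != expectedType) return null
    return block.rawTransaction.decodeToString().toLongOrNull()
}

fun main() {
    val gate = BlockGate(setOf("my_app_block"), maxTransactionBytes = 64, maxBlocksPerKey = 2)
    // Constructed sample blocks: one of our own, one from another app, one oversized.
    val own = Block("my_app_block", "peerA", "42".toByteArray())
    val foreign = Block("other_app_block", "peerB", "hello".toByteArray())
    val huge = Block("my_app_block", "peerB", ByteArray(1024))

    check(gate.offer(own))                               // stored
    check(!gate.offer(foreign))                          // dropped before it reaches storage
    check(!gate.offer(huge))                             // dropped: payload over the size limit
    check(gate.offer(own) && !gate.offer(own))           // third block from peerA exceeds the quota
    check(gate.size() == 2)
    check(unpackAmount(own, "my_app_block") == 42L)
    check(unpackAmount(foreign, "my_app_block") == null) // no crash on a foreign block
    println("stored=${gate.size()}")
}
```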