
Each client should validate orbitdb data

Open holmesworcester opened this issue 4 years ago • 2 comments

We should do everything we can to validate messages (and other data like channels and users) at the orbitdb layer, or between the syncing layer and the state layer, on the receiving end.

https://github.com/orbitdb/orbit-db/blob/main/GUIDE.md#custom-access-controller

validate:

  1. signature
  2. sender
  3. message data, format, etc.
  4. message size limits
  5. add corresponding message size limits to the frontend
  6. channels
  7. users
  8. community name

We should discuss what makes sense here. The basic idea is that if someone is sending tons of invalid messages that will be ignored, we don't want to be storing them forever.

holmesworcester, Dec 14 '21 19:12

At this moment (we are on production version 1.8.0) we are validating point 1 - signature. So points 2-5 are still to be done.

kingalg, Aug 24 '23 10:08
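
An added example, not code from the Quiet or OrbitDB projects: a receiving-side validator covering points 1-4 of the list in the issue (signature, sender, format, size), of the kind a custom access controller could run before an entry is stored. The message schema, the 10000-byte limit, the Ed25519 keys and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed values for illustration; the issue does not specify a limit or a schema.
const MAX_MESSAGE_BYTES = 10000;
const STRING_FIELDS = ['id', 'channelId', 'message', 'pubKey', 'signature'];

const fail = (reason) => ({ ok: false, reason });

// Bytes covered by the signature: every field except the signature, in a fixed order.
function signedBytes(msg) {
  return Buffer.from(JSON.stringify([msg.id, msg.channelId, msg.createdAt, msg.message, msg.pubKey]));
}

// Returns { ok: true } or { ok: false, reason }. Cheap checks run first so that
// oversized or malformed entries are rejected before any signature verification.
function validateMessage(msg, knownUsers, knownChannels) {
  if (typeof msg !== 'object' || msg === null) return fail('format');
  if (!STRING_FIELDS.every((k) => typeof msg[k] === 'string')) return fail('format');
  if (!Number.isInteger(msg.createdAt)) return fail('format');
  if (Buffer.byteLength(msg.message, 'utf8') > MAX_MESSAGE_BYTES) return fail('size');
  if (!knownChannels.has(msg.channelId)) return fail('channel');
  if (!knownUsers.has(msg.pubKey)) return fail('sender');
  try {
    const key = crypto.createPublicKey({
      key: Buffer.from(msg.pubKey, 'base64'), format: 'der', type: 'spki',
    });
    const sig = Buffer.from(msg.signature, 'base64');
    return crypto.verify(null, signedBytes(msg), key, sig) ? { ok: true } : fail('signature');
  } catch {
    return fail('signature'); // undecodable key or signature
  }
}

// Constructed sample: a fresh Ed25519 key pair and one correctly signed message.
function makeSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const pubKey = publicKey.export({ format: 'der', type: 'spki' }).toString('base64');
  const msg = { id: 'm1', channelId: 'general', createdAt: 1700000000, message: 'hello', pubKey };
  msg.signature = crypto.sign(null, signedBytes(msg), privateKey).toString('base64');
  return { msg, users: new Set([pubKey]), channels: new Set(['general']) };
}

const demo = makeSample();
console.log(validateMessage(demo.msg, demo.users, demo.channels));
```

Rejecting on the returned `reason` before the entry reaches storage is what keeps invalid messages from being kept forever, which is the concern raised in the issue.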