
In the wiki of the gun repo on GitHub, there is a section about "Security, Authentication, Authorization" (Wiki Page). It describes the problem of how to avoid someone making invalid changes to the data, like spamming the database or erasing the entire database, but it doesn't describe how the problem is solved in gun. So the question simply is:

how is it solved?

Thanks a lot!

Tim de Putter
  • Great question! We don't have a code demo up yet, but I'll answer your question once we do - it roughly involves adding a pre `gun.on('in', cb)` hook that rejects messages (doesn't `next()`) if the signatures don't validate. If somebody is willing to sit down with me we can prototype it out together. In the meantime, here are some other useful resources: 1 minute explainer videos on cryptography http://gun.js.org/explainers/data/security.html, and an example implementation of user login auth: https://github.com/swifty/gun-p2p-auth . – marknadal Feb 01 '17 at 22:13
  • Thanks for the answer, that explains a lot. If I understand correctly, I would install such a hook on a 'trusted' node in the network, e.g. my server or something, right? Is the signature of the hook documented somewhere? – Tim de Putter Feb 02 '17 at 12:39
  • I'm working on an example P2P crypto social network now (although it isn't a high priority), hopefully I'll have it out so that I can show it to you - so for now, no. Sorry about that. But soon! – marknadal Feb 04 '17 at 09:19
  • Thank you, no problem at all. – Tim de Putter Feb 06 '17 at 06:55
  • @marknadal any updates on this? – Ahmet Can Güven Nov 21 '19 at 22:25
  • @marknadal any updates on this? – Predrag Stojadinović Feb 25 '22 at 14:25
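
The hook described in the comments above, sketched as an added example that is not part of the original thread and does not use GUN's own API: a Node.js filter that only calls `next()` for writes whose Ed25519 signature validates. The message shape, the `path` field, the `owners` registry and all function names are assumptions made for illustration.

```javascript
// Added example: a signature-checking inbound hook, modelled without GUN itself.
const nodeCrypto = require('crypto');

// Constructed sample identities (Ed25519 key pairs generated at startup).
const alice = nodeCrypto.generateKeyPairSync('ed25519');
const mallory = nodeCrypto.generateKeyPairSync('ed25519');

// Hypothetical registry: the public key allowed to write under each path.
const owners = new Map([['user/alice', alice.publicKey]]);

// Bytes covered by the signature: path plus the data with its keys sorted,
// so key order cannot change the result (flat objects only).
function canonical(path, data) {
  const pairs = Object.keys(data).sort().map((k) => [k, data[k]]);
  return Buffer.from(JSON.stringify([path, pairs]));
}

// Writer side: attach a signature over the canonical bytes.
function signPut(path, data, privateKey) {
  const sig = nodeCrypto.sign(null, canonical(path, data), privateKey);
  return { put: { path, data }, sig: sig.toString('base64') };
}

// The hook: forward with next(msg) only when the write validates.
// Returning without calling next() drops the message.
function verifyingHook(msg, next) {
  if (!msg || !msg.put) { next(msg); return true; } // not a write: pass through
  const { path, data } = msg.put;
  const key = owners.get(path);
  const wellFormed = key && typeof msg.sig === 'string' &&
    data !== null && typeof data === 'object' && !Array.isArray(data);
  if (!wellFormed) return false; // unknown path, unsigned, or erase attempt
  let ok = false;
  try {
    ok = nodeCrypto.verify(null, canonical(path, data), key,
      Buffer.from(msg.sig, 'base64'));
  } catch (e) { ok = false; } // malformed signature counts as invalid
  if (ok) next(msg);
  return ok;
}

// Minimal stand-in for the database behind the hook.
function makeNode() {
  const store = new Map();
  const receive = (msg) =>
    verifyingHook(msg, (m) => { if (m && m.put) store.set(m.put.path, m.put.data); });
  return { store, receive };
}
```

A signature over path and data alone does not stop an old, validly signed message from being replayed; a signed timestamp or counter would be needed for that.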

0 Answers