how to implement user identity within program with orbit-db? ownership and granting/revoking writes? decentralized, no 3rd-party services and no ipns? - identity

orbitdb says it can't do it https://github.com/orbitdb/field-manual/blob/684c7a1aa427c9acfe4d73cd28d64880e072b086/01_Tutorial/06_Identity_Permission.md#on-security
but users want to give/take writing permissions to dbs
how to implement user model without 3rd-party services or ipns?

what to use for user identity?
peer-id and private-key
specifically - of ipfs node - a config json file that node generates
running ipfs init /path/to/config allows to create same node with identity
it is simple - no need for DIDs - it works as SSH keys
ownership
program starts with discovery - users need to be able to discover dbs, like we can discover repos on github
program creates a public orbitdb database anyone can write to
users publish the dbs they want others to see to that list
and - when they write they also write name of db
if same name - how do we know that this db is actually from owner we expect? by peer-id
every message on pubsub - and also orbitdb write entries - have peer-id of who posted them
so program shows name of db and peer-id of author - this way we know that that record in discovery db is exactly from that peer
and - as long as config file with peer-id and private-key is not lost - that person owns that identity
how to add/revoke writes in orbitdb without re-creating new db with new id? without 3rd-party services or ipns?
this is brilliant
an owner - always an owner - wants to give/take permissions
once owner creates db, program also creates an access-control database - a list simply - with write permissions only to owner
other peers clone owner's db - and program also clones access-control db
program implements custom access-controller that reads from access-controller db and checks - is peer listed there? then they can write
no third party anything needed - all is already done within orbitdb
and that access controller list already decentralized and persistent and replicatable
is orbitdb id needed? is orbitdb/keystore needed?
no
if program were to use OrbitDBAccessController - where permissions are given by orbitdb id - then yes
but it is useless - we can add or revoke
and - as said above - the better solution is access-control-peer-id-list-db that comes with each database
and for that - custom access-controller is needed
and since we have that - why would we make it use orbitdb identity when peer-id is much better - it is the identity of user, that they can persist and backup and they init ipfs from again
one identity - ipfs node config json file with peer-id and private-key
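
The owner-only list and the write check described in the post above, as an added example that is not part of the original post and does not use OrbitDB's API. It assumes every entry carries its author's public key and an Ed25519 signature, and models the peer id as the SHA-256 of that key; all function names are hypothetical.

```javascript
// Added example: a model of the owner-signed access list, not OrbitDB's API.
const crypto = require('crypto');

// Assumption: the peer id is modelled as the SHA-256 of the public key (DER).
const peerIdOf = (pub) => crypto.createHash('sha256').update(pub).digest('hex');

// Constructed identity: an Ed25519 key pair stands in for the IPFS node key.
function makePeer() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const pub = publicKey.export({ type: 'spki', format: 'der' });
  return { id: peerIdOf(pub), pub, privateKey };
}

// Every entry (ACL change or data write) carries the author's key and signature.
function signEntry(peer, payload) {
  const body = Buffer.from(JSON.stringify(payload));
  return { payload, pub: peer.pub, sig: crypto.sign(null, body, peer.privateKey) };
}

// Returns the author's peer id if the signature verifies, else null.
// The id is recomputed from the key, never read from a field the writer sets.
function verifiedAuthor(entry) {
  const key = crypto.createPublicKey({ key: entry.pub, format: 'der', type: 'spki' });
  const body = Buffer.from(JSON.stringify(entry.payload));
  return crypto.verify(null, body, key, entry.sig) ? peerIdOf(entry.pub) : null;
}

// Replay the ACL log: only entries signed by the owner change the writer set.
function writersFrom(aclLog, ownerId) {
  const writers = new Set([ownerId]);
  for (const entry of aclLog) {
    if (verifiedAuthor(entry) !== ownerId) continue; // forged or foreign entry
    const { op, peer } = entry.payload;
    if (op === 'grant') writers.add(peer);
    if (op === 'revoke' && peer !== ownerId) writers.delete(peer); // owner stays
  }
  return writers;
}

// The check a custom access controller would run before accepting a write.
function canAppend(entry, aclLog, ownerId) {
  const author = verifiedAuthor(entry);
  return author !== null && writersFrom(aclLog, ownerId).has(author);
}
```

The model checks writes against the local replica of the list, so a peer that has not yet received a revoke entry will still accept the revoked writer's entries.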

Related

What is the difference between web3.eth.accounts.create and web3.eth.personal.newAccount

As I understand when using web3.eth.accounts.create(), it doesn't add the account to chain (I'm using ganache-cli for testing), but web3.eth.personal.newAccount() does.
Is it the main purpose or is it a bug?
Is there other differences?
web3.js version: 1.0.0-beta.34
Both versions create a new account on the blockchain. The difference is how you interact with the node and having access to the private key. If you have a local node, you can use web3.eth.accounts.create which will create the account and provide you access to the private key generated so it can be stored locally. However, since returning the private key over a connection isn’t secure, you should never use this approach to create an account if you connect through a provider like Infura.
On the other hand, you can use web3.eth.personal to create a new account on a remote node. In this case, the private key will not be returned to you, so you lose some flexibility with accessing your account. When you don’t have the private key, you can’t sign transactions locally. In order to run transactions, you have to call unlockAccount on the remote node. Note that you have to send your password to create/unlock your account using web3.eth.personal, so you still need to make sure you are using a secure connection.
Review this Medium blog post for additional info.

Custom service/route creation using feathersjs

I have been reading the documentation for last 2 days. I'm new to feathersjs.
First issue: any link related to feathersjs is not accessible. Such as this.
Giving the following error:
This page isn’t working
legacy.docs.feathersjs.com redirected you too many times.
Hence I'm unable to traceback to similar types or any types of previously asked threads.
Second issue: It's a great framework to start with real-time applications. But not all real-time applications require DB access alone; there might be access required to something like Amazon S3, Microsoft Azure etc. In my case it's the same and it's more like a problem with setting up routes.
I have executed the following commands:
feathers generate app
feathers generate service (service name: upload, REST, DB: Mongoose)
feathers generate authentication (username and password)
I have the setup with me, ready but how do I add another custom service?
The granularity of the service starts in the following way (Use case only for upload):
Conventional way of doing it >> router.post('/upload', (req, res, next) =>{});
Assume, I'm sending a file using data form, and some extra param like { storage: "s3"} in the req.
Postman --> POST (Only) to /upload ---> Process request (isStorageExistsInRequest?) --> Then perform the actual upload respectively to the specific Storage in Req and log the details in local db as well --> Send Response (Success or Failure)
Another thread on stack overflow where you have answered with this:
app.use('/Category/ExclusiveContents/:categoryId', {
  create(data, params) {
    // do complex stuff here
    params.categoryId // the id of the category
    data // -> additional data from the POST request
  }
});
The solution can be viewed in this way as well: since feathersjs supports the micro service approach, it would be great to have sub-routes like:
/upload_s3 -- uploads to s3
/upload_azure -- uploads to azure and so on.
/upload -- main route which is exposed to users. User requests, process request, call the respective sub-route. (Authentication and Auth to be included as well)
How to solve these types of problems using existing setup of feathersjs?
1) This is a deployment issue, Netlify is looking into it. The current documentation is not on the legacy domain though, what you are looking for can be found at docs.feathersjs.com/api/databases/querying.html.
2) A custom service can be added by running feathers generate service and choosing the custom service option. The functionality can then be implemented in src/services/<service-name>/<service-name>.class.js according to the service interface. For file uploads, an example on how to customize the parameters for feathers-blob (which is used in the file uploading guide) can be found in this issue.

Storing data in FIWARE Object Storage

I'm building an application that stores files into the FIWARE Object Storage. I don't quite understand what is the correct way of storing files into the storage.
The Python code snippet below, taken from the Object Storage - User and Programmers Guide, shows 2 ways of doing it:
def store_text(token, auth, container_name, object_name, object_text):
    headers = {"X-Auth-Token": token}
    # 1. version
    #body = '{"mimetype":"text/plain", "metadata":{}, "value" : "' + object_text + '"}'
    # 2. version
    body = object_text
    url = auth + "/" + container_name + "/" + object_name
    return swift_request('PUT', url, headers, body)
The 1. version confuses me, because when I first looked at the only Node.js module (repo: fiware-object-storage) that works with Object Storage, it seemed to use 1. version. As the module was making calls to the old (v.1.1) API version instead of the presumably newest (v.2.0), referencing to the python example, not sure if that is an outdated version of doing it or not.
As I played more with the module, I realised it didn't work and the code for it was a total mess. So I forked the project and quickly understood that I will need to rewrite it from the ground up, taking the above-mentioned Python example from the usage guide as a reference. Link to my repo.
As of writing this, the only methods that aren't implemented are the object storage (PUT) and object fetching (GET).
Had some additional questions about the Object Storage which I sent to fiware-lab-help#lists.fiware.org, but haven't heard anything back so asking them here.
Haven't got much experience with writing API libraries. Should I need to worry about the auth token expiring? I presume it is not needed to make a new authentication every time we interact with storage. The authentication should happen once when the server is starting up (we create an instance) and it internally keeps it. Should I implement some kind of mechanism that refreshes the token?
Does the tenant id change? From the quote below I presume that getting a tenant is just a one-time deal, then later you can use it in the config to make fewer authentication calls.
A valid token is required to access an object store. This section
describes how to get a valid token assuming an identity management
system compatible with OpenStack Keystone is being used. If the
username, password and tenant details are known, only step 3 is
required. source
During the authentication when fetching tenants how should I select the "right" one? For now I'm just taking the first one, similar to what the example code does.
Is it true that an object storage container belongs to only a single region?
Use only what you call version 2. Ignore your version 1. It is commented out in the example. It should be removed from the documentation.
(1) The token will be valid for some period of time. This could be an hour or a day, depending on the setup. This period of time should be specified in the token that is returned by the authentication service. The token needs to be periodically refreshed.
(2) The tenant id does not change.
(3) Typically only one tenant id is returned. It is possible, however, that you were assigned more than one id, in which case you have to pick which one you are currently using. Containers typically belong to a single tenant and are not shared between tenants.
(4) Containers are typically limited to a single region. This may change in the future when multi-region support for a container is added to Swift.
Solved my troubles and created the NPM module that works with the FIWARE Object Storage: https://github.com/renarsvilnis/fiware-object-storage-ge

Push without Pull from Couchbase Lite

I'm collecting some analytic data on my client device which does not require any initial data from the server database.
Is it possible to start with an empty database, add some analytic documents and then when I'm ready use push replication to add those documents to my server database with the sync gate?
I'm going to have an analytics channel but I don't want to pull EVERYTHING from that channel into my client database since it doesn't care about what's there already, it only wants to add to it.
I would be asking this question on the Couchbase forums but it is currently down.
Sure, push and pull replications are entirely separate so as long as you do not create a pull replication you won't receive any data from sync gateway.
Use the following API from CBLDatabase to upload data to server.
/** Creates a replication that will 'push' this database to a remote database at the given URL.
This always creates a new replication, even if there is already one to the given URL.
You must call -start on the replication to start it. */
- (CBLReplication*) createPushReplication: (NSURL*)url;
Here's an example of how you can set up push replication.
NSURL* url = [NSURL URLWithString: @"https://example.com/mydatabase/"];
CBLReplication *push = [database createPushReplication: url];
push.continuous = YES; // NO for One-shot replication
//After authenticating and adding progress observers here, call -start
[push start];
You can set up pull replication (if needed) in a similar way by using -createPullReplication:. Read more from docs over here - Replication.

Spring3, Security3, Hibernate, MYSQL - How to install user tracking into database

First Project: Spring3, Security3, Hibernate, MYSQL - How to install user tracking into database
I am working on my first project with Spring3, Security3, Hibernate, MYSQL.
I have the system working great. I use Spring3 and Security3 going to MySQL for the login and
using Spring3 MVC, Hibernate and MYSQL for system data.
I have a number of questions. Once I login does Spring Security save the user object somewhere that I can have
Hibernate access it? I want Hibernate to put the user name or role into each insert to the database so as
I do my searches the system knows to only show data for that user and only that user.
This seems like it should be easy. Spring should be saving the user somewhere that Hibernate can access.
please help me out
Once the user is authenticated, you can access the user's authentication session details:
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
SecurityContext will allow you to grab the Authentication object, and from that you can retrieve the principal (an object representing the authenticated user), roles, etc. You could inspect this information and determine what data should be stored/displayed for each user.
If you can add a request filter or interceptor (the vocabulary may vary between frameworks), you could probably make these security checks abstract/generic enough to be applied across your entire web app (instead of adding a few lines of code to every resource method you're attempting to secure). Either way, SecurityContext should get you closer to what you want.