Replies: 1 comment 1 reply
-
|
@zdanl, thanks for raising this!
So, if the project owner only has the key, how would Appwrite decrypt any of the project data for any of the operations needed for end users. For example, If you set up OAuth2 integration with Google, you have to give Appwrite a client ID and secret. This client ID and secret needs to be used when end users log in for the OAuth2 flow. |
Beta Was this translation helpful? Give feedback.
-
|
Yes, MariaDB at large was too far fetched, as it destroys the functionality that makes Appwrite so great. But single collections, possibly including the field types, possibly just the values, would be an interesting experiment, even more compelling if we build it with Web3Auth or SIWE (Ethereum Auth) via Browser Extension or web3 Browser. web3 is all about the users retaining ownership over their data. |
Beta Was this translation helpful? Give feedback.
-
The ability to scale is paramount and Appwrite Cloud for sure looks like a functional and profitable, viable business model. Unfortunately it's a bit like giving your users data to Firebase, neutralizing the ideals and promise of self-hosted and open source in general.
I haven't thought this through, but is there a way to generate a cryptographic key upon first registration of the Appwrite Project Owner, that he or she retains in the browser (Passkey API) or a Password Manager like Proton Pass; limiting Appwrite Employees ability to grasp the contents of a MariaDB even if they wanted to?
I realize most use cases, even querying, or displaying user owned data back in the app, prevent this categorically, but there is an academic concept called Homomorphic Encryption
https://stackoverflow.com/questions/50467084/execution-of-homomorphic-encrypted-queries-on-databases
https://en.m.wikipedia.org/wiki/Homomorphic_encryption
Food for thought.
Beta Was this translation helpful? Give feedback.
All reactions