
GunDB user authentication and data storage among users

Tags: gun, gundb

I have been following your project for quite some time now and am intrigued by the functionality of gunDB where it doesn't require a database in between and keeps security in check.

However, I've got some questions about GunDB which I've been thinking about for quite some time now before I can give Gun a go with a project I'm currently working on. In this project it is necessary that data is safe but should also be shareable once a group has been set up. The project is a mobile app project and data is mostly stored on the device in a SQLite database.

I have been looking into Gun as it allows for better usage of the app in the sense of collaboration. The questions I have, however, are:

User authentication

How is user authentication handled through private keys? So how can a user "register" with, for example, a username and password to log in to the service?

For authentication I am currently using Firebase where it is possible to use username/password authentication and I would like to know how Gun approaches this case and how it's implemented.

Data storage

In the documentation and on the website it's stated that data is stored locally with every client and can be stored on a "node" or server using either a local hard drive or the Amazon S3 storage option.

What I am curious about is what data is actually stored at the client? Is this only the data he/she has access to or is this a copy of the whole dataset where the client can only access whatever he/she is granted to have access to?

Maintaining your data

When I've got a production system running with a lot of data, how will I be able to manage my data flows and/or help out my clients with issues they have in the system?

In other words, how can I make sure I can keep up with the system if I want to throw in an update and/or service my clients with data issues?

My main concern is the ability to synchronize their local storage correctly.

Those are all my questions for now.

Thank you very much in advance for providing some clarity on these subjects.

Best regards,

Stefan Leever asked Aug 05 '17 19:08




1 Answer

(Answered by Mark Nadal on Github: https://github.com/amark/gun/issues/398#issuecomment-320418285)

@sleever great to hear from you! Thanks for finally jumping into the discussion! :D

User Authentication,

this is currently in alpha. If you haven't already seen these links, check them out:

  • https://github.com/amark/gun/wiki/auth
  • http://gun.js.org/explainers/data/security.html
  • https://github.com/amark/gun/blob/master/sea.js#L23-L43
  • https://github.com/BrockAtkinson/login-riot-gun

If you have already, would love to either (A) get you to alpha test and help push things forward or (B) hear any specific questions you have about it. This thread is also a more at length discussion about alternative security API ideas: #321.

Data storage.

Browser peers by default store the data that they subscribe to, not the full data set. You could ask it to store everything, but the browser wouldn't like that. Meanwhile NodeJS peers, especially if hooked up to S3 or others, would store all data and act as a backup.

Does this make data insecure? No, encryption should keep it secure, even if anybody/everybody stores it, the encryption makes it safe. (See [insert link to (1)] for more information).

Maintenance.

You would service your customers by deploying an update to your app code. It would not be ideal for your customers if you could meddle with their data directly. If they wanted you to do that, my recommendation would be that they change their password, give the new password to you, and you log in and make any necessary changes. Why? Because if you have admin access to their data, their privacy is fundamentally violated.

Stefan Leever answered Sep 22 '22 14:09
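The "Data storage" and "Maintenance" points in the answer above can be illustrated with an added example (not part of the original answer, and not Gun's or SEA's code): a record is encrypted on the client with a password-derived key, a peer that stores everything holds only ciphertext, and an operator without the password cannot read or silently alter it. The names `seal`, `unseal`, `storagePeer`, the passphrases and the record are constructed, and PBKDF2 with AES-256-GCM is an assumed generic stand-in for whatever scheme the library uses.

```javascript
// Added illustration; NOT Gun's or SEA's actual code or record format.
const crypto = require('crypto');

// Derive a 256-bit key from the user's password. The salt is not secret
// and travels with the record so the owner can re-derive the key anywhere.
function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256');
}

// Client side: encrypt before the record ever leaves the device.
function seal(password, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per record
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt: salt.toString('hex'), iv: iv.toString('hex'),
           tag: cipher.getAuthTag().toString('hex'), ct: ct.toString('hex') };
}

// Returns the plaintext, or null if the password is wrong or the record was altered.
function unseal(password, rec) {
  try {
    const key = deriveKey(password, Buffer.from(rec.salt, 'hex'));
    const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(rec.iv, 'hex'));
    d.setAuthTag(Buffer.from(rec.tag, 'hex'));
    return Buffer.concat([d.update(Buffer.from(rec.ct, 'hex')), d.final()]).toString('utf8');
  } catch (e) {
    return null; // GCM authentication failed
  }
}

// Hypothetical storage peer: keeps every record it is sent, sees only ciphertext.
const storagePeer = new Map();

function demo() {
  const pass = 'alice-passphrase (constructed)';
  storagePeer.set('notes/1', seal(pass, 'meet at 10:00'));
  const stored = storagePeer.get('notes/1');
  // Simulate the peer operator flipping one hex digit of the ciphertext.
  const tampered = { ...stored, ct: (stored.ct[0] === '0' ? '1' : '0') + stored.ct.slice(1) };
  return {
    owner: unseal(pass, stored),                 // the owner reads the record
    operator: unseal('operator-guess', stored),  // no password, no access
    tampered: unseal(pass, tampered),            // modification is detected
    leaksPlaintext: JSON.stringify(stored).includes('meet at 10:00'),
  };
}

console.log(demo());
```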