Databases and Web Apps (server-side logic)

Interesting.

I had a look at the site and loaded the cart with a couple of items. A quick look at the page source reveals a SvelteKit architecture, which loads JavaScript modules from the server and executes them on the client.

There’s a glaring security implication. The problem is session storage.

On the cart page:

  • The data is stored by client-side JavaScript in the browser’s memory.
  • It doesn’t get sent to the server with any HTTP request automatically.
  • It is completely under the user’s control.

No authentication mechanism is in place.
There is no session cookie or token binding the user to a secure identity on the server.

There’s no backend involvement in access control.
Because the cart and user state live entirely in session storage, the server has no visibility or control over the user’s behavior.

All trust is placed in client-side code.
Users can manipulate anything in session storage using dev tools:

sessionStorage.setItem('isPremium', 'true');
sessionStorage.setItem('cartTotal', '0.00');

Bottom line: the designer of this website has opened the organization to malicious activity.

Yes, I briefly considered encryption myself. But it suffers from the timeless paradox that the key must be delivered with the payload.

I’m with you. It’s a tough nut to crack.

1 Like

No, it isn’t.

They can place spurious orders, but the backend would flag them as invalid and the business would reject them.

A user can save all sorts of nonsense to autonomi. That’s why it must be validated by the backend side of the app, before it can be trusted.

4 Likes

No - did you check out? - you download the list or items you want and send it as an order - if you swapped out prices or changed totals it will just not be accepted :man_shrugging:

4 Likes

But they provide bulletproof security. See my earlier answer re: the flaws in the Merch Shop design.

Which is a back-end server, with its own protected back-end logic. But it suffers from its own suite of problems (see my earlier reply to HappyBeing).

Exactly! That’s what I’m trying to flesh out—how do we get that backend, server-side secret and protected logic?

Right. Because there exists server-side code to analyze and reject it.

No - because you send the order to rusty and he will accept or decline it

Just as an autonomi shop owner would do

3 Likes

And when you’re processing tens of thousands of transactions a day?

1 Like

I do not see why you have this question.

The user runs an app that can view, search, order, etc. That generates an order.

Then the shop processes those orders using their internal large computer system, rejecting invalid orders.

It’s not server-side anything, just a system to process orders when they come in. Think email style, but better.

6 Likes

On the traditional internet perhaps. They may have little or no role on autonomi.

Nope.

It’s just another app, running on another computer, which happens to be accessed by the shop owners.

It doesn’t need a web front end even. The backend runs locally, just like the front end can.

Consider this: autonomi is like a database that can be read/write by a ‘front end’ directly. A consumer adds stuff to that database and the shop staff validate it. If valid, they ship the order. If not, they ignore/reject it.

6 Likes

Software… I didn’t say it must be a human with pen and paper when you’re running an autonomi shop…

3 Likes

That’s the console app that runs and listens on localhost, à la dweb or VazorTopShelf. But again, that brings its own set of problems. See my earlier reply to HappyBeing.

Now you’re shifting to the console app concept. I’m speaking specifically of a web app with server-side logic.

The consensus seems to be that it simply can’t be done. Securely. At least today.

You can even inform your customers about seemingly random time limited discounts… If they order on the first weekend to an address in Canada they get 20% discount…

Today between 1pm and 2pm prices are 5% lower… No client side logics needed to make random rules… That then are applied both by your customer and you when you check the order…

1 Like

You don’t. You can’t stop stuff being written to autonomi, bypassing logic, etc.

The secret logic is just another app (essentially) that reads the same data, then decides if it is valid or not.

There are no guards around what can be written to autonomi (as a data store). Instead, the data must be assumed to be bad and validated to prove otherwise.

Ofc, you keep your encryption keys to access the backend app safe, so only shop staff can access it. That is the secret part.

4 Likes
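The validation step described in the posts above, including the published time-limited discount idea, as an added example that is not part of the original thread and not the shop's own code. The catalogue, the field names `items` and `claimedTotal`, the 13:00-14:00 UTC rule and `MAX_QTY` are constructed for illustration, and `receivedAt` is assumed to be the shop's own record of when it first saw the order, not a client-supplied time.

```javascript
// Added example: shop-side order validation. All names and values are constructed.
// The shop's own price list in cents; prices are never read from the order.
const CATALOGUE = new Map([['tshirt-black', 2500], ['mug-logo', 1200]]);
const MAX_QTY = 20;

// Published rule (assumed): 5% off between 13:00 and 14:00 UTC,
// judged by the shop's clock rather than anything the client claims.
function discountPercent(receivedAt) {
  return new Date(receivedAt).getUTCHours() === 13 ? 5 : 0;
}

// `order` is untrusted data read back from the shared store.
function validateOrder(order, receivedAt) {
  const reject = (reason) => ({ ok: false, reason });
  if (!order || !Array.isArray(order.items) || order.items.length === 0) {
    return reject('malformed order');
  }
  let subtotal = 0;
  for (const item of order.items) {
    const price = CATALOGUE.get(item && item.sku);
    if (price === undefined) return reject('unknown sku');
    if (!Number.isInteger(item.qty) || item.qty < 1 || item.qty > MAX_QTY) {
      return reject('bad quantity');
    }
    subtotal += price * item.qty;
  }
  // Recompute the total; client flags such as isPremium are simply ignored.
  const pct = discountPercent(receivedAt);
  const total = subtotal - Math.floor((subtotal * pct) / 100);
  if (order.claimedTotal !== total) return reject('total mismatch');
  return { ok: true, total };
}

// Constructed sample orders.
const honest = {
  items: [{ sku: 'tshirt-black', qty: 2 }, { sku: 'mug-logo', qty: 1 }],
  claimedTotal: 6200,
};
const tampered = { ...honest, claimedTotal: 0, isPremium: true };

console.log(validateOrder(honest, '2025-01-06T10:00:00Z'));
console.log(validateOrder(tampered, '2025-01-06T10:00:00Z'));
```
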

NO

It’s a program that waits for email-style messages. Without any connection to the app running on the person’s computer who is doing the ordering.

4 Likes

You’ve just described a console app.

2 Likes

Because it is irrelevant what the app is. Whether CLI, web app to local server, mobile app, etc… it’s all accessing the same data. They are all running on the device being used to access the data too.

2 Likes

Either he doesn’t want to understand or he just wants to fud/troll/bind energy

I’m out of here and doing some productive work…

3 Likes

You do not have to do email style.

The point is that the user runs an app that does the ordering, that is all.

The shop runs on their computer system their internal shop software that will read data stored on Autonomi that the ordering app wrote and then processes it.

Nowhere in Autonomi is it designed to be running a shop/warehouse/billing internal program. That is essentially not a distributed system nor a network system, but a system to run the internals of the shop.

5 Likes