1
0
mirror of https://github.com/oceanprotocol/docs.git synced 2024-11-01 15:55:34 +01:00

GITBOOK-108: change request with no subject merged in GitBook

This commit is contained in:
Veronica Manuel 2023-05-16 02:52:58 +00:00 committed by gitbook-bot
parent fdfa746752
commit 175cb9d365
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF

View File

@ -23,6 +23,8 @@ Read on, anon, if you are interested in the nitty gritty of security details!
### Security Considerations ### Security Considerations
{% embed url="https://media.giphy.com/media/81xwEHX23zhvy/giphy.gif" %} {% embed url="https://media.giphy.com/media/81xwEHX23zhvy/giphy.gif" %}
Stay safe, my friends
{% endembed %}
Through publishing, the URL/TX ID/CID required to access the asset is encrypted and stored as a part of the NFT's [DDO](../../developers/core-concepts/did-ddo.md) on the blockchain. Buyers don't have access directly to this information, but they interact with the [Provider](https://github.com/oceanprotocol/provider#provider), which decrypts it and acts as a proxy to serve the asset. The DDO only stores the location of the file, which is accessed on-demand by the Provider. Implementing a security policy that allows only the Provider to access the file and blocks requests from other unauthorized actors is recommended. One of the possible ways to achieve this is to **allow only the Provider's IP address to access the data**. But, not all hosting services provide this feature. **So, you must carefully consider the security features while choosing a hosting service.** Through publishing, the URL/TX ID/CID required to access the asset is encrypted and stored as a part of the NFT's [DDO](../../developers/core-concepts/did-ddo.md) on the blockchain. Buyers don't have access directly to this information, but they interact with the [Provider](https://github.com/oceanprotocol/provider#provider), which decrypts it and acts as a proxy to serve the asset. The DDO only stores the location of the file, which is accessed on-demand by the Provider. Implementing a security policy that allows only the Provider to access the file and blocks requests from other unauthorized actors is recommended. One of the possible ways to achieve this is to **allow only the Provider's IP address to access the data**. But, not all hosting services provide this feature. **So, you must carefully consider the security features while choosing a hosting service.**