1
0
mirror of https://github.com/oceanprotocol/docs.git synced 2024-11-26 19:49:26 +01:00

GITBOOK-110: change request with no subject merged in GitBook

This commit is contained in:
Veronica Manuel 2023-05-16 11:30:02 +00:00 committed by gitbook-bot
parent d3cec0f77b
commit 8e2cb6baaa
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
2 changed files with 6 additions and 4 deletions

View File

@ -46,7 +46,7 @@
* [Emissions & APYs](rewards/emissions-apys.md) * [Emissions & APYs](rewards/emissions-apys.md)
* [Rewards Tutorial](rewards/veOcean-Data-Farming-Tutorial.md) * [Rewards Tutorial](rewards/veOcean-Data-Farming-Tutorial.md)
* [📊 Data Science](data-science.md) * [📊 Data Science](data-science.md)
* [👨💻 Developers](developers/README.md) * [👨💻 👨💻 Developers](developers/README.md)
* [Core concepts](developers/core-concepts/README.md) * [Core concepts](developers/core-concepts/README.md)
* [Architecture Overview](developers/core-concepts/architecture.md) * [Architecture Overview](developers/core-concepts/architecture.md)
* [Data NFTs and Datatokens](developers/core-concepts/datanft-and-datatoken.md) * [Data NFTs and Datatokens](developers/core-concepts/datanft-and-datatoken.md)

View File

@ -16,15 +16,17 @@ The most important thing to remember is that wherever you host your asset... it
In this section, we'll walk you through three options to store your assets: Arweave (decentralized storage), AWS (centralized storage), and Azure (centralized storage). Let's goooooo! In this section, we'll walk you through three options to store your assets: Arweave (decentralized storage), AWS (centralized storage), and Azure (centralized storage). Let's goooooo!
Read on, anon, if you are interested in the nitty gritty of security details! Read on, anon, if you are interested in the security details!
### Security Considerations ### Security Considerations
{% embed url="https://media.giphy.com/media/81xwEHX23zhvy/giphy.gif" %} {% embed url="https://media.giphy.com/media/81xwEHX23zhvy/giphy.gif" %}
Stay safe, my friends These guys know what's up
{% endembed %} {% endembed %}
Through publishing, the URL/TX ID/CID required to access the asset is encrypted and stored as a part of the NFT's [DDO](../../developers/core-concepts/did-ddo.md) on the blockchain. Buyers don't have access directly to this information, but they interact with the [Provider](https://github.com/oceanprotocol/provider#provider), which decrypts it and acts as a proxy to serve the asset. The DDO only stores the location of the file, which is accessed on-demand by the Provider. Implementing a security policy that allows only the Provider to access the file and blocks requests from other unauthorized actors is recommended. One of the possible ways to achieve this is to **allow only the Provider's IP address to access the data**. But, not all hosting services provide this feature. **So, you must carefully consider the security features while choosing a hosting service.** When you publish your asset as an NFT, then the URL/TX ID/CID required to access the asset is encrypted and stored as a part of the NFT's [DDO](../../developers/core-concepts/did-ddo.md) on the blockchain. Buyers don't have access directly to this information, but they interact with the [Provider](https://github.com/oceanprotocol/provider#provider), which decrypts the DDO and acts as a proxy to serve the asset. 
We recommend implementing a security policy that allows **only the Provider's IP address to access the file** and blocks requests from other unauthorized actors is recommended. Since not all hosting services provide this feature, **you must carefully consider the security features while choosing a hosting service.**
⚠️ **Please use a proper hosting solution to keep your files.** Systems like `Google Drive` are not specifically designed for this use case. They include various virus checks and rate limiters that prevent the `Provider` to download the asset once it was purchased. ⚠️ **Please use a proper hosting solution to keep your files.** Systems like `Google Drive` are not specifically designed for this use case. They include various virus checks and rate limiters that prevent the `Provider` to download the asset once it was purchased.