Closed aakilfernandes closed 6 years ago
nycoliver
commented
7 years ago IPFS definitely verifies data from other nodes. See white paper, section 3.5. I think https://github.com/ipfs/go-ipfs/blob/master/exchange/bitswap/message/message.go#L105 is where blocks from peers are checked. Am I misunderstanding your question?
aakilfernandes
commented
7 years ago Ipfs nodes don't trust each other, but js-ipfs-api trusts the node. For example if I do
ipfsApi = IpfsApi(host, port)
ipfsApi.get('Qm...')I'm trusting that the node at host:portis not lying to me. This is fine if we assume the user is using a local node on their machine, however users could be using remote nodes. For example https://infura.io/.
nycoliver
commented
7 years ago Oh I see. The simplest solution I can think of is to expose ipfs add --only-hash in the js api so you can compare the two hashes.
hacdias
commented
6 years ago onlyHash is supported since https://github.com/ipfs/js-ipfs-api/pull/717 so shall we close this @diasdavid?
My understanding is that after getting a file from a node, there is no additional check to verify the returned file matches the hash. It would be good to hash the file in the client to make sure the file is correct. That way, it would be possible to use untrusted nodes (for example https://ipfs.infura.io)