You are viewing a single comment's thread from:
RE: Exploratory Analysis Shows World of Opportunity with JSON and STEEM
Cool.
Is there a record of who adds the custom JSON?
Any authorization to add a field that already exists and is being pulled for data?
Can anyone add anything, like any account add info for any JSON data and imitate an app, such as adding bogus data?
Could I just add followers to people who didn't really follow?
Can I add SM data just by adding a custom JSON object?
Thanks!
Yes and No. You can add any custom_json content, including similar objects as SM, but the author of the transaction won't match.
Check my comment to @paulag
Thanks. So if someone makes an app, they can just look for custom json where their app (or another) is the author of the data and only use that?
They need to look at the author of the custom_json, not "the app", unless you want to monitor all transactions written as "something you understand" (i.e. like how steemit.com works with "follow" custom_json).
Yes, the appname as the author, like busy, or partiko, etc. To get all real follows then, you need to search for all app accounts that add to
follow? If you don't look for busy or partiko in thefollow, you won't get all the followers, right?Here's how I'd explain it: anyone can create a custom_json transaction with an id. This could be something like
follow,sm_team_reveal, etc.When someone creates a custom_json
followtransaction with datakrnelthey express that they want to follow krnel. Then every Steem node sees that they expressed that they want to follow krnel, so they update their internal books that they followed krnel.Same with
sm_claim_reward. If someone broadcasts ansm_claim_reward, then everyone knows that they want to claim their reward, and it is considered that they have claimed their reward.OK, so it's per user account. Nothing to do with the app account, for follows. Are there fields that are validated through an app account? As a way to prevent anyone from just adding any data they want.
Say you have an app and create a field for data, how can you prevent just anyone from adding data to the field simply by signing/broadcasting it with their own account? Anyone could make fraudulent data claims on the field in that case. Is this a limitation of the custom JSON field, where it cant be used like any database?
Thanks!
The custom_json transaction is not in any way a database. All the custom_json transaction is is a way to have a transaction that doesn't have any side effects. An example of a similar thing in Bitcoin would be sending 0 BTC to 0x0 with a certain message. That's all a custom_json does. If someone creates a custom_json transaction
transfer krnel 5 catsand that transaction is included in a block nothing happens. The Steem nodes don't add an entry to a database saying that now @krnel has 5 more cats or something. The only thing that happens is that now if you ask a Steem node what was in that block, you will see a bunch of transactions, one of them being a custom_json transactiontransfer krnel 5 cats. I could create a custom_json transaction sayingsdadg asdgsad sdfasd asdfand none of that would be entered in any database (not like there would be any reason to), but will be entered in a block.So why would this be useful for DApp creation? All you can do is write a message in a transaction to the blockchain without any side effects. But what this means is that my Stratos DApp can look for when @alice creates a
transfer_stratoscustom_json transaction. Then it can rely on a shared protocol; everyone running Stratos agrees that when someone creates atransfer_stratoscustom_json transaction, they decide that that means that they will update their internal ledger accordingly.So let's say Alice creates a custom_json transaction
transfer_stratos 10 bob(this means 'transfer 10 SRTS to Bob', but written in a way that's easier for computers to understand). That transaction is included in a block, but the Steem nodes don't do anything about it. Again, they don't update a database or anything. They just include that transaction, charge Resource Credits, and ignore it. But Alice and Bob and many other users in Stratos have agreed that when anyone creates atransfer_stratoscustom_json transaction, they have an intent to transfer SRTS to someone else (again, this is just a shared belief and doesn't mean anything on the blockchain level). So when a Stratos node running the Stratos software (connected to a Steem node) sees thetransfer_stratostransaction and updates the internal balances to remove 10 SRTS from Alice's balance and add 10 to Bob's balance. Now every Stratos node agrees on this new update, and Alice has successfully transferred 10 SRTS to Bob (this actually means that every Stratos node agrees that the transaction happened, and so they updated their ledger accordingly).Here's a post where I explain the same thing in more detail, including cases of malicious actors trying to hack the Stratos network, and explanations of how this relates to Steem Monsters and steem-state (note that this is before the rebrand from Engine to Stratos): https://steemit.com/steem/@shredz7/how-engine-works.
I'm glad to see you interested in this as it is a fascinating topic -- if you have any more questions feel free to ask!
Thanks. By database, I meant the blockchain that records data and can be accessed, but has permissions to prevent anyone from just entering any data they want on behalf of others, that there is a record of who enters data to validate it in some way.
For your example with
transfer_stratos, the addition of a newtransfer_stratosfield saying to transfer is signed by the account, giving it authority, right? I just want to know if there is authorization to manage data. Like a database, there are access permissions. Fields in custom JSON have the account of whoever added that field I assume. So when an app adds data to custom JSON, it can do so on it's own account, or as a user ont he app that has authorized it to do so, for example with SteemConnect scope. Is this accurate?I'll check out the thread. Thanks for taking the time!
Great questions
"Is there a record of who adds the custom JSON?"
In that table, not really, but there is posting auth recorded for apps that needs it. But it doesnt say which app it came from. Im sure if I mix this table with another one I could get the results. But I havent looked.
"Any authorization to add a field that already exists and is being pulled for data?"
Not sure I understand this question
Can anyone add anything, like any account add info for any JSON data and imitate an app, such as adding bogus data?
Hmm great question. I'm not a dev so I might not answer that correctly. But I am sure it requires some sort of conscious and authority, if not then it would be possible.
"Could I just add followers to people who didn't really follow? "
not unless you have the posting authority
Can I add SM data just by adding a custom JSON object? again you would need posting authority
Yes, that's why there are lot of invalid "follow" json in the blockchain and apps should double check both the author and the content
So when a new field is created, it is associated to the original posting authority that created it, and no other account can add to that field? I thought anyone can add a
followto the custom JSON. Similarly, anyone could add any field, and fabricate data. One needs to always check the author of the data added to a field I would think.