Dumb DOM API questions


That’s not possible at the moment @draw, although I did think about the possibility of such a thing too, e.g. if I am being spammed, or if undesirable emails from an account that I want to block/blacklist. These cases are not exactly the same as in current internet where you can do it for free, while in the SAFE net the spammer will need to pay for it, but still you may want to just block some annoying account which is not necessarily spamming but unwanted.


I was more thinking if this could be a way to know the number of visitors (=unique accounts) of the ‘site’.
Or the possibility to make a poll where your are sure one account has only voted once, because enforced by the network.


I think those cases should be in application layer/protocol, e.g. the app stores the vote in the MD entry along with its signature, and you can ignore a vote if it’s not signed.


It could be that I don’t understand it, but is the app not running locally, hence hackable?
EDIT: or do you mean with signature a uniqe signature of the account (or combination account-app), that is/can be ‘checked’ as such?


I’d say that the signature is using the user’s private key to sign. So if the signature cannot be decrypted with the users ID then its fake/spam


If I understand you correctly, the decrypt part is with the ‘public key’ of the user id account of a certain mutable data ‘entry’. And this is a check done by another account or the network.
Is there a guarantee that this ‘public key’ is indeed linked to a ‘authenticator’ user account?
E.g. this user account cant use more than 1 key (pair) in that mutable data ‘list’.

I get that it is possible to make your own account-list: that one has to register at your app.
But is it possible to reuse the already existing ‘account’-list of the Safe users, e.g. so that no Safe ‘user account’ can vote more than once?
Maybe this is not possible or/and not wanted, because not anonymous enough.


That signing only proves that the entry claiming to be made by an ID (public key) was in fact made by that ID


I don’t know how to properly use the free instance methods. Here is some sample code from the safedemo website.

function showfiles() {
  window.safeApp.getContainer(auth, Container)
    .then((mdHandle) => {
      // console.log(mdHandle);
      fileshow.innerHTML = "";

      //can be used for identifing the Container but is mot needed here
      // window.safeMutableData.getNameAndTag(mdHandle)
      //   .then((data) =>
      // console.log(data));

        .then((entriesHandle) => {
            (key, value) => {
              // console.log('Entry Handle: ', entriesHandle);
              console.log('File found: ', uintToString(key));
              // console.log('Value: ', uintToString(value.buf));
              // console.log(key, value);

              $("#fileshow").append("<div class='icons'><i class='material-icons md-48'>description</i><p class='filedirnames'>" + uintToString(key) + "</p></div>");

          // window.safeMutableDataEntries.free(entriesHandle);
          // window.safeMutableData.free(mdHandle);
    }, (err) => {
      // Materialize.toast(err, 3000, 'rounded');

Where would be the approriate place be to put window.safeMutableDataEntries.free and window.safeMutableData.free.


What are the differences of piece of mutable data created with newpublic and a container?
Can I create a container?
What does serialise and fromserial do?


Can I add to this list:

  • is a container just a mutable data like any other, with the same features and limitations (eg 100 item limit), or if not what are the differences?


My understanding is that the app can only create one container for itself (ownContainer), but not totally sure.


Why is mutable data limited to 100 entries and 1 mb per entry?


It isn’t 1MB per entry, but 1MB per MutableData (and 100 entries per MutableData). Those are implementation decisions - ie what the SAFE network supports. My understanding is that if you want more/bigger you will need to string multiple MD together yourself once a limit is reached.

I think that is the case with containers too, because each is just an MD, but my question is just to check that this is the case and that the API does not have code to string multiple MDs together per container.

In the case of the root container, each entry is an MD which is also a container. See the RFC referenced above.


I would say the only difference if the way you reference it, i.e. the containers have a name which can be provided to the API to fetch it, whilst for fetching MutableData’s you need the XoR name and tag type. After you fetch them, you interact with them both in the exct same way, i.e. using the MutableData API and NFS emulation if you prefer to.

At the moment from the safe_app_nodejs and DOM API it’s not possible to create another container but the one you can request to be created when you authorise the app with the own_container option param. But this is something that was thought to eventually be possible if the app requests permissions for it, although I haven’t explored the lower level safe_core API well enough to provide more details at this time, I just remember this was somehow mentioned in the RFC: https://github.com/maidsafe/rfcs/blob/master/text/0046-new-auth-flow/containers.md

As mentioned above, in order to fetch a MutableData you need the XoR name and the tag type, and if you want to fetch a Private MutableData you need the encryption keys in addition to that.
If your app needs to store a reference to a MutableData it can store the required information so it can then fetch it, or alternatively it can just serialise the MutableData, store it, and then it can deserialise it to fetch it.

Correct, this is not supported yet.


9 posts were split to a new topic: Error on create/insert with NFS (bug discussion arising from Dumb DOM API Questions)

Error on create/insert using NFS (bug discussion arising from Dumb DOM API Questions topic)

Hypothetically, is this possible that one instance will send v=1, and other v=2, and they both get accepted? Where can I read more about a consensus mechanism, Is there some RFC about that?

Error on create/insert using NFS (bug discussion arising from Dumb DOM API Questions topic)

So, is it account or app? Can I restrict permissions to some app used by any user, or some user using any app? Or is it always account+app combination? Or maybe it is always a user using current app?


I think it could be done just by clever design of application data structures. You can perhaps save email={ login: “…”, content: “…”} instead of email="…" as a mutable data entry value and ignore/delete entries that don’t have email field.


Great topic anyway, great questions, great answers. I think every question in this topic should result in a commit to documentation, or a ticket :slight_smile: Or perhaps a FAQ could be compiled of it.


The account is the owner of the MD created, and the app which requested the creation of the MD is added to the permissions list when it invokes the quickSetup function in the MD API (or using the put function of the MD API it can specify which permissions to be set for itself in the MD).
So you can restrict access to the MD entries using the MD Permissions and PermissionsSet APIs, and you can set those permissions to specific sign keys (that’d be the app’s sign key you are giving/denying access to), or you can set permissions for any app by providing a null sign key to those APIs (we’ll expose that as constants eventually to make it clearer for the developer).

Error on create/insert using NFS (bug discussion arising from Dumb DOM API Questions topic)