Handling user data and storage in Ethereum Dapps-Understanding - blockchain

I've just started writing smart contracts and developing Dapps on the Ethereum Blockchain, basically users interacting with the smart contract and storing some lightweight data into the blockchain.
I have a general but very vague idea on how to do all of this so I simply wanted to make sure that I got stuff right, so please beare with me .
What I want to do:
User Login : I am not very sure about this. Should I handle it as a traditional user login ( database) or I could use the blockchain for that? and if so , how would I be able to do so?
Store data (Strings, boolean and an Image) into the blockchain via a web interface: I've seen some tutorials but most of them don't 'store' the data, I want to be able to show this data to my user . So maybe I should use a JSON file? I read about IPFS fo image storing but I dont know how to associate a hash to my Eth account.
What I did :
Set up my own private Ethereum Blockchain
Written a contract that handles a string ( user's name) and then returns it on the GUI
Written the web interface
TL;DR: I am trying to store user's data into the blockchain so that I can show it again but I dont know how to proceed. I am also confused about the user Login . Please help me ( any links would be greatly appreciated) or at least tell me if I'm on the right path.

For login you can have a user to sign a message using the private key in their wallet on web or mobile Then on the server-side you can verify this message came from a certain Ethereum address and create the database record for the matching address in fly
You can store data in a transactional blockchain, but it is discouraged and not the purpose of a blockchain. The data storage cost on a public Ethereum blockchain will be millions of times more than in a database or other dedicated storaeg. If you do this for learning I suggest you try products like Storj or Sia for decentralised file storage.

Related

developing custodial vs non-custodial wallets

This is a very broad and general question so I'm going to specify my intended use case and branch several questions, mainly referring to the implementation of each approach.
In short, users using my wallet are going to constantly send to each other, and perhaps receive/send from/to other wallets and networks, and I'm mentioning this in case it could provide an overview of how transactions will take place in my app.
so to start with the custodial wallets:from what i know, most custodial wallets have 1 cold wallet and 1 hot wallet and a hot wallet to every user, so when a user creates an account keys are automatically generated to that user, but my question is how are the users' keys stored: is it in a normal db or do they do it in another way, and how does this model work like how do they technically use the cold and hot wallets.
moving to non-custodial wallets,i want to know basically the same thing, how and where are the users' keys stored? and how are they accessed? and in case i go with this approach i am still able to impose tx fees on tx happening on my app?
I hope I made sense in what I said, and I hope to check your answers, If you feel like you know an answer to some part of the question but not all that okay say what you know as any contribution would be great, and if anyone is up for a discord/zoom call i would really appreciate it. Thanks in advance, and please let me know in case you need extra info to answer.
custodial wallets
how are the users' keys stored
It depends on each app implementation. A good practice is to store sensitive data (such as private keys) in a secrets management system. It's usually an encrypted database with advanced access control - allowing access to groups of data based on user group policies, generating single-use or time-sensitive tokens for accessing the data, ... The application can then request the private key from the SMS using the user's unique token.
non-custodial wallets
how and where are the users' keys stored? and how are they accessed?
Software wallets (including browser extensions) usually store private keys in a file, located in your computer, encrypted by a master key. The master key can be for example the hash of your MetaMask password and some predefined salt. When you unlock the wallet by entering the correct password, the wallet software decrypts the file containing the actual private keys, and then it's able to use the private keys.
Hardware wallets store private keys on the device, encrypted by a master key as well (e.g. your device PIN and a salt). It's a common practice that private keys never leave the device. So the UI software usually sends a request to sign a raw transaction data to the device, the device then asks the user to enter their pin, performs the signature on the actual device and returns the signed transaction back to the UI software.

Is it possible to query the Blockchain API to get information on currency exchanges?

Coinbase stopped publishing it's user stats in 2017, so I haven't been able to find a way to see how many users currently use the exchange.
My (albeing limited) understanding is I should be able to work this information out from querying the Blockchain.
Is this possible?
I'am not sure about Ccinbase, but i know that a lot of exchanges creates completely different wallets(addresses) for each user, so its impossible to track them. You can do it for decentralized exchanges as Idex/Bancor/0x etc, because they are using specific smart-contract(only in Ethereum network)

General Question on how to use Quorum blockchain

I am very new to quorum programming. I already made some Smart Contracts with solidity on ethereum and made some dapps with Truffle, React and Metamask.
Now I did this Quorum Tutorial: https://truffleframework.com/tutorials/building-dapps-for-quorum-private-enterprise-blockchains
Before I get to the problem I have, I tell you what I am trying to do:
Right now we have a database in our school, where the teacher can save the marks of the students, and the students can log in and see the marks they have. I'm trying to make a prototype, where this data is stored on a private blockchain like quorum.
So what I already did is a react front end for the prototype and I want that teachers can log in, save marks for a student and then the students can log in and see their marks. This means that students and teachers all need a login.
The Problems I face:
How can I set up a local productive quorum node?
For ethereum and ganache, you can use metamask and then use the
metamask account in the react front-end to make transactions. How
does it look like with quorum?
How can I make a login? Or does the teacher and student need to know
a private key for their account?
As you can see, Im very new in this world and I need to learn a bit more about the concept.
Thank you for your help
How can I set up a local productive quorum node?
Something like Quourum Maker may assist you in being able to quickly bootstrap a Quorum network without having to go through tedious manual configuration. The Quorum documentation is also full of tutorials that can guide you through this process.
For ethereum and ganache, you can use metamask and then use the metamask account in the react front-end to make transactions. How does it look like with quorum?
You could utilize something akin to ethereumjs-wallet to create wallets in-code and send the transactions via the Quorum web3.js library. You would need to then map these wallets to users in an off-chain database which leads into your next question.
How can I make a login? Or does the teacher and student need to know a private key for their account?
You can handle authentication in your web application via an IDP in which students and faculty already have existing credentials with if you have the appropriate access to do so. Otherwise, you could utilize SSO with well-known IDPs via something akin to Auth0.
Your flow would essentially involve first having the user authenticate, then tying their identity to a generated Ethereum wallet upon their first authentication and persisting these tied identities to an off-chain database. Subsequent authentications would pull the persisted wallet information from the off-chain database and use that for transaction signing. Other considerations would involve utilizing appropriate key management services as well as utilizing an HSM for secure transaction signing.
I could have given you the steps but on a second thought, I think its a good idea to start using something simpler like https://github.com/ssbc/ssb-db and then, come back to Ethereum.

How does the blockchain verify new assets?

how to verify new assets in a blockchain? For example: in order to participate in blockchain transactions, a member must first claim to have an asset that the network has not seen before, how would the network verify this claim? I've read a bunch of papers, but they're too bitcoin centric, which is that there are centralized institutions that issue block assets to members in exchange for real world currencies. And the non-bitcoin-centric mechanism seems to just assume that the new asset is inalienably verified, so just hash it directly with a timestamp as a new block. There doesn't seem to be any verification process. Is it incumbent on the application to determine a specialized verification algorithm? Am I just completely missing something? Please any response is appreciated.
To track assets using the blockchain you create your own token and create a owner which can then assign people the asset using contracts or manually. If you are talking about currency then you either need to work and mine it or buy.
Yes it is the application's and mostly the user's responsibility. A real world asset cannot be pegged to a digital asset, blockchain or not, without a central authority enforcing such a peg.

django how to secure my project

I work on a project where I'll have to configure remotely some products.
These products have a sim card and can connect on internet through gsm so I won't be able to connect to them directly.
Customers will connect on my website to make configuration requests on their products by filling forms, when they are done, I save in DB all products new config and I will send a sms to each products, the sms make the products know that they have to connect with http to an url specified in the sms, when they connect to the url I identify the product with their serial number and send their new configurations.
Now I don't really know how to secure all the data sended in the sms or the manage the authentification from the product to my server.
I thought to make an authentification based on a MD5/SHA HASH formula, but the problem is that the secret used to hash will be stored in the product and if the secret and the formula gets to be known, it will become critical.
Maybe using dynamic hash with date of the day with product infos would be better. HTTPS could resolve everything maybe but I just can't only use the serial number of the product as authorisation.
I thought also to add a private key infra but I think its too complex.
I would encrypt data with product public key for example and the product would encrypt data with my server public key, but I don't know if its too hard to implement this architecture.
I use django framework, ngnix.
I think your confusing what a 'hash' is, with encrypting/decrypting data. A hash is typically one way, with no means to (easily) 'unhash' the information that has been transferred.
The weakest link in your design is the very limited SMS (text messaging) system for transferring the data. It lacks the ability to use a large/full character set (such as binary) - which means encrypted messages would have to be quite long to be secure. But it also limits the length of messages, so these long encrypted messages could not be sent.
As mentioned in the comments, this question is too general to provide a specific answer to. But if these were 'smart' devices, a dedicated configuration 'app' - using SSL - would likely be your best solution.