-
-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal + discussion around contribution #6091
Comments
Hi @elribonazo
I see no value on rewriting everything in rust. Instead we could collaborate on creating an RxStorage implementation in rust that can run in webassembly and maybe is much faster. But my current performance measurements show that the main-thread to webassembly bridge cost so much latency and overhead that having everything build in javascript is much faster. For example the sqlite wasm storage is not that much faster compared to indexeddb even when sqlite is used in-memory. |
Hello sir, nice to read from you again! Thanks for the quick reply. I do have a custom encryption plugin but what is affecting me as a user is that my project has very strong security requirements, and despite we are able to justify that the vulnerable dependencies are not used in the project it does not look right, also our security audits will spot this and reject our release. I agree that it would require a huge amount of work but u know it would improve so badly? Someone that just wants to use a storage can just install the test-suite package, run its tests and then be ready to release. Same for other packages, why do i need to use firebase with the vulnerable dependency if i'm not using the replicate plugin for firebase, see what I mean? I think most of my issues would blow away if we could achieve workspaces for RXDB and i'm happy to try collaborating in that sense! thanks for your support man. Won't make shortcuts in terms of testing, etc... no matter how long it takes but yeah i really would love to see we can make this. For now, we are patching the package :| taking out crypto-js and the firebase replicate plugin, all good i guess for now, but its not very clean hehe :) Have a great week! |
PR is welcomed. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed soon. Please update it or it may be closed to keep our repository organized. The best way is to add some more information or make a pull request with a test case. Also you might get help in fixing it at the RxDB Community Chat If you know you will continue working on this, just write any message to the issue (like "ping") to remove the stale tag. |
Issues are autoclosed after some time. If you still have a problem, make a PR with a test case or to prove that you have tried to fix the problem. |
Hello,
I've been contributing to the development of a couple storages for RXDB, mainly for 14.X and I'd like to extend my development even further now, to bring those to 15.X.
Things I could contribute on:
Removing the dependency for crypto-js in old and new rxdb, replacing it with a secure encryption algorithm maybe and what I'd consider more important, the encryption plugin should from my point of view, allow user's to enter their own cryptography.
My ideal encryption plugin would not bundle cryptographic libraries/primitives but would require a protocol to be passed, people out there in the wild can choose what cryptographic layer or primitives want to be used.
Is converting RXDB into workspace something that you are considering internally? I love this library... REALLY and would love to take it to its next level.
The free plugins lack some functionality, i've seen couple things I reported you guys on Christmas have been fixed in recent versions but my whole point is... Why not making the Plugins all open and free but maybe offering a SAAS Secure solution for those that don't want to be storing their contents in their browser, like a delegate & custodial remote storage.
I've currently got: 1 indexdb custom storage, 1 leveldb storage and 1 custom inMemory storage.
Migrations in 14.17.1 dind't support passwords (encryption) for example, so I've developed my own.
Encryption in 14.17.1 used a vulnerable dependency that my project cannot really accept :D
I may just go totally wild and re-write this in RUST, how i always envisioned, dunno. First though i want to see if we can collaborate, if there anything I could start helping you with(outside work, on my free time) =?
Thank you s o much RXDB team, marvelous work!!!
Love you guys
The text was updated successfully, but these errors were encountered: