Currently, the IPFS gateway (NGINX proxy) allows any content to be uploaded (with a 2MB max payload). If anything can be uploaded from anywhere, there are potential hazards, among them:
- spam content / listings
- inappropriate content
- illegal content
There are many ways to harden the gateway, for example:
- Formatted loglines, log handling, and some sort of log monitoring would give visibility into what is being uploaded through the gateway
- Validating uploaded data (adheres to schema, file formats for binary fields, etc)
- Authentication (ex. integration with ERC725, API keys to ensure uploads come from applications and services built by known developers, etc.)
- Spam filtering on the text content
- Image recognition for offensive content
Currently, the IPFS gateway (NGINX proxy) allows any content to be uploaded (with a 2MB max payload). If anything can be uploaded from anywhere, there are potential hazards, among them:
There are many ways to harden the gateway, for example: