Nostr Web Client

It is a very good question if your database is actually a damn server already anyway. People have tried to address it in the traditional world before, with things like CouchDB, Firebase, Postgrest, Supabase and the "local-first" community.

Nostr is that but also adds the fact that you are actually talking to a ton of different databases that you don't control.

Alex Gleason 1y ago

The truly interesting difference is in authentication.

In traditional servers, OAuth tokens are used to protect database write access, because all the rules of the app are made up and stored in the database itself. So the database itself is the "protected resource".

On Nostr, the database is public and open. It has no fantasies, just data. The "protected resource" is actually the user's private key. So authentication is reversed. The server demands authorization from the client rather than vice-versa. Truly mind blowing for anyone stuck in web dev for the past 20 years.

Reply to this note

Please Login to reply.

Discussion

ben 1y ago

you can also go full on database-less when building an app. app has a keypair and can rw encrypted state data to relays. I did this in a PoC strava bridge where I stored app data on public relays. pretty paradigm shifting.

Hazey 1y ago

This approach needs to be leaned into more

BITKARROT 1y ago

🎯

vinney...axkl 1y ago

To be fair this is true for all "web3" in general. from Bitcoin wallets to ethereum dApps to nostr

lunaticoin 1y ago

"La diferencia verdaderamente interesante está en la autenticación.

En los servidores tradicionales, se utilizan tokens OAuth para proteger el acceso de escritura a la base de datos, porque todas las reglas de la aplicación se crean y almacenan en la propia base de datos. Por lo tanto, la base de datos en sí es el "recurso protegido".

En Nostr, la base de datos es pública y abierta. No tiene fantasías, solo datos. El "recurso protegido" es en realidad la clave privada del usuario. Por lo tanto, la autenticación se invierte. El servidor solicita la autorización del cliente en lugar de lo contrario. Realmente alucinante para cualquiera que haya estado en el desarrollo web durante los últimos 20 años."

nostr:nevent1qqs8phcjevrks65xgqev9crvcs2egd8j7x7vaczvpz6kkfpnscphgdgppemhxue69uhkummn9ekx7mp0qgsqgc0uhmxycvm5gwvn944c7yfxnnxm0nyh8tt62zhrvtd3xkj8fhgrqsqqqqqprftp7l