Imagine if I enabled these features on a relay. Pass nostrscripts to perform arbitrary queries on the database.
nostr has created a monster: an insane database engineer with dangerous wasm knowledge nostr:note155nee9r0zumh8mjfdamr4h9xx75k0s08mkadrk37cwhhadcqmw2q7qam9l
this seems so easy to turn into a DDOS nightmare.
yeah there would have to be some static analysis to ensure there are no loop ops, or even bail if there are too many ops in general.
ideally for this use case for public relays we would have a more special purpose virtual machine/bytecode, i think sqlite has something like that internally. I’m just using wasm because I’m lazy and already have code in place for it.
Having this on the local relay is the real intended use case. if you run a script that is just a slow query it doesn’t matter too much, you can run it in a thread and kill the thread if its taking too long or being weird.
