scoop

scoop

Is E2EE encryption a foolish idea for a LiveView app?

Dear community :waving_hand:t2:

I’ve got a few applications in mind for an industry that, like many other, tends to collect tremendously “juicy” (sensitive) data.

There is a strong case to be made for applying end-to-end encryption for both customers and the vendor.

Would such an architecture, in your opinion, invalidate many of the nice things you get with LiveView to the point where a React SPA would make more sense?

Side quest: To make things spicier, the industry in question requires high availability of records and documents. Would E2EE be incompatible with CRDT:s?

Asking for a friend, only wrong answers etc.

:otter:

Thanks in advance for any insights and reflections!

Most Liked

Schultzer

Schultzer

Whatsapp is a good example of an end to end encrypted chat app that is powered by the BEAM, the Erlang VM that Elixir runs us, so I don’t see any issue in building an end to end encrypted application in Elixir.

soup

soup

If your records are all encrypted blobs, you can basically ignore anything to do with forms, possibly any kind of “delete child record” actions too depending. You will have to either write custom hooks to decode and encode the (“dead”) form data before transport, or write the form in vue/react/svelt/whatever (and still decode/encode). Hydrating/dehydrating data into and out of the form wont be hard, but rapidly you’ll need some validations etc, which you’d end up building yourself vs using a framework.

It also depends on how sensitive your data is. Can you store the list of vendor clients, and render those via liveview only loading your whateveract-form when editing some records, or is the existence of a client alone sensitive? If everything is sensitive then like you say, you wont get much from liveview when your state is opaque_blob_aopaque_blob_b, but maybe most of the time your just writing liveviews and only have a few select black boxes around the place.

So disregarding any sensitive interactions, what do you have left? Do you want to push notifications around? Still use a websocket for transport speed? Is it better to just have a/many regular phoenix channels for these? Do you just prefer heex over jsx? If most of your elements are phx-update="ignore" then you wont get much quick dom diffing.

You can embed js frameworks inside LV and use hooks as an adapter layer, but you will hit some friction vs using one ecosystem alone.

Where Next?

Popular in Discussions Top

jswny
I would like to better understand what the advantages/disadvantages of umbrella applications are compared to structuring your app as as s...
New
Nvim
Anybody knows a comprehensive comparison of Django and Phoenix, thanks for the help. Where are they similar? Where do they differ the m...
New
cvkmohan
The upcoming Phoenix 1.6 release looks very interesting. Became a habit to watch the commits - and - what they are bringing in. phx.gen...
New
mmmrrr
Just saw that dhh announced https://hotwire.dev/ Is it just me or is this essentially live view? :smiley: Although I like the “iFrame-e...
New
chuck
Let me start by stating an assumption: Phoenix is a great approach to building REST APIs. There are many reasons for this, but I will ass...
New
ejpcmac
I have discovered Nix last month and I am currently on my way to migrating to it—both on macOS at home and the full NixOS distrubution at...
New
wmnnd
The Go vs Elixir thread got me thinking: Would it be too hard to implement a simple mechanism for creating Go-style static app binaries f...
New
AstonJ
If so I (and hopefully others!) might have some tips for you :slight_smile: But first, please say which area you’re finding most challen...
New
Markusxmr
Since Drab has been developed for a while in the open, introducing the Liveview functionality in a way it happend appears to undermine th...
New
slashdotdash
Phoenix Live View is now publicly available on GitHub. Here’s Chris McCord’s tweet announcing making it public.
New

Other popular topics Top

mcarvalho
What is the difference between System.get_env and Application.get_env? For example, what are best practices to use one versus another.
New
JeremM34
Hello, how can I check the Phoenix version ? Thanks !
New
stefanchrobot
What’s the safe way to decode a JSON string into a struct? I want to avoid calling String.to_atom. Jason.decode can give me a map with st...
New
jay1
Why is it that the mnesia database isn’t the most preferred database for use in Elixir/Phoenix?
New
grych
Hi folks, Few months ago I have announced the proof-of-concept of the library to manipulate the browsers DOM objects directly from Elixi...
639 52341 488
New
sergio_101
I am VERY much an elixir newbie. I have taken one elixir course and one phoenix course on Udemy. During that course, I saw the instructor...
New
Qqwy
Original source of discussion: This topic on the Pragmatic Programmers’ Functional Web Development with Elixir, OTP, and Phoenix forum. ...
New
Brian
What is the proper way to load a module from a file in to IEX? In the python world, doing something like this pretty standard: from ....
New
marick
I had some trouble figuring out how to make many-to-many associations work. Once I got it working, I wrote a blog post. Because I’m a nov...
New
dogweather
I wrote this comment on r/haskell, and it’s not popular there. :wink: But I think I’m on to something… Haskell reminds me of Java, and e...
New

We're in Beta

About us Mission Statement