Ergoplatform website sub domain SSL MISMATCH

Just a heads up on the SSL certs for sub-domain docs.ergoplatform.org need to be reinstalled the main domain itself is secured by SSL but the subdomain isn’t

The overall score in SSLabs is low because of the certificates being mismatched and untrusted under the subdomain. The worry is that any user reading Docs is essentially browsing without SSL. The SSL certs are issued by Cloudflare I think Cloudflare Full SSL will be best for the website with some workers that will force some rules so that no downgrade attacks can happen in the Ergoplatform website and stop any XSS, Clickjacking attacks by using hardened HTTP headers.

The website also accepts TLS 1.0 TLS 1.1 by using only modern TLS like TLS 1.2 TLS 1.3 will clear up these errors and give a perfect SSL score in SSLabs.

Good job on the website guys and I would love to put some ideas forwards to you based on some of the past web design and security experience.

Here is an example of some HTTP headers we should add. Secure HTTP headers in the website will stop any internal applications from being exposed.

1 Like

new address is

https://docs.ergoplatform.com/

2 Likes

I’ve wondered, so the ergo websites are hosted on centralized website servers, right? Including Dapps? Will there be a future in which Dapps are hosted on ergo domains? Or will headless Dapps make this not a potential risk for deplatforming?

The Ergo websites are hosted on a typical centralized website server and act as an information post. The dApps are Decentralized apps that work from a Smart Contract on the Ergo blockchain coded in Ergo Script some dApps could have a front-end that would be hosted on a centralized server. I don’t think de-platforming would cause a threat to Ergo if any censorship Ergo would fight it. Data backup is essential to running a website and I would imagine Ergo foundation to be taking many backups. The Ergo website and information on it are in safe hands. I do think a mirror of websites on TOR could fight the problem if anyone was ever to boycott the website.

1 Like

Oh man having tor access to ergo would be great. Even twitter can be accessed on tor. Would that mean the ergo foundation hosting their own tor server?

Do websites for Dapps essentially just act as a GUI or API for ergo smart contracts? So if a website were to be taken down the essential information is still recorded on chain, making it easy for a new interface to connect to the smart contracts that are the Dapp?

I read somewhere that many dexes are built custom fit to web hosting services (azure, awz, etc). The “Dapp” isn’t really a decentralized app, it’s just a normal website that integrates blockchain for its payment channels. In that case if the web hosting service sanctions the Dapp, the Dapp would disappear, and would have to be completely redesigned around a new web hosting service. Could this be true? Do you understand what I’m asking?

Also, how does that work with off chain or L2 solutions? Does L2 work outside the blockchain and just use the blockchain as a book keeper for the most important information? And offchain, does it operate the same way? For example the lightening network. I don’t understand the difference between the lightening network and a central bank network hosting a decentralized currency.

The websites themselves are just normal websites accept from they can connect directly with the dApp. Just acting as a graphical interface storing the website directly on-chain would cost too much in storage rent and there wouldn’t be a practical way of accessing DNS settings that are needed for the domain name system. If the website was to be taken down for example there would be no way to interact with the blockchain from the front end but the data would still be on-chain. The website is essentially a frontend user interface and the smart contract code when it runs the smart contract (dApp) then stores the value on the blockchain like open APIs. The backend code is a decentralized peer-to-peer network the front end is not. dApps are often built on top of a base layer of Ergo but the front end of the applications is centralized. Having tor access to the front-end would add an extra layer of security in the event any dApp fron’t end went down as users would still have a tool to interact with the blockchain via the smart contract.

A lot of popular dApps will often keep backup and prepare for any doomsday event a lot of these operators of dApps often have good business logic but it is certainly a worry that a web host could potentially close the webserver off hosting the front end whenever they feel like it. To get past this operators will store the data over multiple centralized servers as to not rely on one but this can become costly.

Many Dex will use a centralized server for their front end and this will often come with some of the challenges of running a centralized front end. With L2 they use Polygon as a second layer so, for example, NFT would be stored on Polygon chain rather than Ethereum the advantage is small fees in L2 chain by storing data on another chain wrapped means the NFT will inherit the good and bad aspects of that chain.

A good example of a website front end becoming inaccessible is FishBank.io it was a blockchain-based game on Ethereum. I minted a couple of these Fish when the game was becoming popular. The operators then pulled the rug leaving an unusable front end. Whereas if I was to add in my wallet address into OpenSeas I can still access the fish I bought buy or sell I am just not able to play the game making the NFT assets useless.

This video gives a good explanation of how dApps work using Ethereum as an example and how they can scale with L2 solutions.

1 Like

Is gas on ethereum different than transaction fees on ergo? My understanding is that ethereum uses gas fees to allow a market to form around transactions, letting people pay more to miners to get their transaction settled. Is this different on ergo?

Why would it cost too much in storage rent to store the website directly on-chain? My understanding was that storage rent is a fixed cost per inactive wallet, not related to the size of data stored on a wallet. So even a large data size website would only have to pay 1 storage rent fee, right?

So if a website front end for a Dapp were to be taken down, anyone could create a new website front end and re-launch the Dapp?

Thank you for your knowledge.

Gas on Ethereum is different from Ergo the fees are based on per tx or execution of smart contracts cost a fixed fee of 0.0011 ERG. In Ethereum, miners are able to choose what transactions they include based on Miner extractable value (MEV). Blockchain developers have started to create programs and apps that can programmatically reorg chains by targeting blocks that have some empty transactions this destabilizes consensus.

I think that would be correct assuming you could put the front-end on the chain. A website can be many GB and won’t be able to fit all the code in a single block. Adding code like this could cost a lot of Storage-oriented load, Computational load, Network load. Storage fees. Storage rent is a scheduled fee that is based on the continuation of each UTXO created in the blockchain.

Front end of dApp is for render and the back end for data.

If the front end of a dApp went down then I think anyone could relaunch the code of the smart contract but this would change the owner and make it a new contract. Every smart contract is owned by an address called as owner.

https://www.geeksforgeeks.org/creating-a-smart-contract-that-returns-address-and-balance-of-owner-using-solidity/

Guys please correct me if I’m wrong with any of this stuff.

1 Like