Hacker News new | past | comments | ask | show | jobs | submit login

It also has to match on the OriginID and AssetID has as well - the checksum is a final check on the actual payload (once decompressed).

Right, but if I modify your client to be malicious, I can spoof those two id's, right?

You can but our backplane won't know about you local modifications. When you're client informs the backplane (on a sync) it will see that those IDs and hashes we're registered and it will instruct you client to delete them.

E.g. modifications that happen in your local instances are checked against our backplane. If an asset hasn't been registered (and verified independently via our backplane) it won't be available for replication

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact