Offline Commissions/Messages

Problem

While downtime is never planned, it can be hazardous to artists and commissioners. While this can be mitigated by manually copying and pasting every commission and private message down to a text file, someone may have been out of town or at a convention for a weekend and viewed it on phone or mobile device unable to save a copy to cloud or with the rest of the files such as desktop. When sites go down or are unreachable either because of a hosting issue or a local user network issue, even already established commissions may not get completed because of lack of access to refsheets or such. While the following suggestion may help with already sent messages and commissions, there would still always be the issue of a down server preventing new communication from occuring and this does not find a solution for that at this moment of time.

Solution

A mobile/desktop application to take push notifications or occasionally check in and sync down copies of all the private message threads as well as the commission entries and their attached or linked files, if the domain goes down then, users can run from the local cache and as soon as it comes back up it can check in again and sync with any changes by timestamp+nonce order of newest modifications.

Though programming an app or executable would be more development time, a subdomain with HTML5 manifest file may be quicker alternative, for offline 'web app' caching, sites set up like this you can browse to even if you have no network connection, the cache saves all the sites assets from manifest file in root domain and meta header tags allowing the localStorage api to pretend a browser is unaffected by network status.

This would provide only an interface to simple email like interface of entries that when clicked expand or shift to new panel or page of the information. Just having this redundant backup would increase confidence that even if there was a loss of service for gaining new commissions, at least they would have the ability to work on already established projects.

Technical

For a mobile app, can be even a webview with locally downloaded and cached html and javascript, only using the mobile app platform to allow for push notifications to trigger more syncs and a more guaranteed persistent storage as well as security of being tied to a device id.

If browser based, something like webapp.furrynetwork.com or offline.furrynetwork.com would contain the project from complications of caching too much or the wrong things and preventing dns issues mixing up if the site does go offline. If on the live site you include the manifest headers to force the sync and download to a browser simply because someone is logged in, then if they don't explicitly log out, it may cause security issues with people logging on to FurryNetwork on friends computers or other nonsecured devices. On the other hand, if you don't do the automatic sync and download cache of the manifest simply with using the site at all, the entire concept of protecting the user becomes useless simply because of forgetfulness or laziness.

Perhaps storing the cache with an encryption of their username and password, so feeding the local storage back through the load function returns garbage and it detects that it's not correct and shows a failed load, I think that'd be adequate for commissions and messages while it'd still be stored locally and possibly vulnerable to brute forcing with physical access to that computer during the time that the user never logged out and their cookie session for staying logged into the site is still valid. If it ever detects the user was logged out and the sites not down, purge the storage and sign the user out.

If a mobile app or desktop app, it would typically be assumed that mobile would be secure due to the sandboxing nature of each app and someone would be less careless with leaving a desktop app installed, running, and signed in if it was not owned by the user. The biggest threat to security is web app idea having to rely on a localStorage cookie and having to secure with pure html+javascript only.