Does accessing files pinned on my own node weaken security?

If I run my own node and pin a small file that after 30 days only exists on my node, then attempt to access my file from a public gateway via its hash, what prevents me from changing the contents of the file inside my own node? Or even changing the code of my node so that it returns an arbitrary file for that hash?

Does the gateway re-hash the file I give it to make sure it matches the requested hash?

Does the gateway re-hash the file I give it to make sure it matches the requested hash?

Yes it does. ALL requests are hash gated, if you request something even if there are multiple nodes the gateway (or other nodes) always hash and check what you sent.

Thanks, any citations I can read more about this from?

You could read about bitswap I guess:

Hmm, this doesn’t mention that blocks received from nodes are verified for integrity.

CID is content based, you always get the same content from ipfs network no matter where you are as long you have the same CID

I think there is some nuance to the question here. The gateway might check the hash but you’re trusting it to do that since it will probably return you the complete file so there is no way to check that the CID actually matches. The CID is computed on the merkle-dag not the file and you don’t have that information once it’s be reconstructed back into the file. I believe you can now request that the gateway return a CAR file which does contain this information so you don’t have to trust the gateway if you retrieve the file this way.

As far as changing the file on your local node, there really isn’t really even a concept of changing a file. Any change you make will result in a new CID and conceptually a new file. If you did decide to lie and distribute blocks with a non matching CID the receiver would check if the CID matched the data, see the discrepancy and reject that block. I don’t know if IPFS has a mechanism to block or throttle nodes that continually provide bad blocks.

You can see from this recent post that a local node running IPFS even detects bad blocks from what is probably a failing hard drive rather than malicious intent How can I (forcibly) overwrite a damaged block in the repo with a good copy?

You can change the content of the file through ipfs files write, you can still refer to the file with the same file name.
It’s true that CID changes if content changes, but there’s also gossipsub and ipns in the ipfs protocols to address this.

I would caution against thinking in terms of “[the] CID changes if content changes” because it views the data as mutable with simply a dependency between CID <=> content. Nothing changes. You added a file and got the CID then added a new file, no matter how similar it is to the first one it is a different file, you get a new CID. The old CID is there, the old file is there, nothing has changed. That one file was derived from the other is completely transparent to IPFS.

If you think of CIDs or files as changing it might give the impression that the old CID/file goes away because it was “replaced” which isn’t the case.

It would be the case that the old file was replaced with the new file.

but because ipfs doesn’t delete the old files when you add a new file they are still there.
If you are using ipfs files write instead of ipfs add, in the CLI, your old CID is gone (although not until next garabage collect) which works like replacing.

Certainly the file may hang around in the ipfs network forever and you can’t delete it once it’s added to the network. but if it’s not popular and you are the only one seeding it then yes you’ve deleted the old CID / file and replaced with the new one.