When a Hyperledger Fabric smart contract calls getHistoryForKey it receive the updates for a particular key. I'm wondering where does this information come from? It's not stored in the world-view (levelDB, CouchDB) so it must be retrieved from the blockchain. Does the smart contract has access to blockchain? What am I missing?
There is a setting which enables the history database for peers. It is enabled by default and is a a physically separate database from world state.
Each channel has it's own history database. The history database uses LevelDB (an embedded database) for storage.
The history database stores key/txid/blocknum for each update. When you call GetHistoryForKey, it iterates through the history db and then retrieves the values from block storage.
Related
i want to fetch data from blockchain ledger instead of statedb like couch and leveldb.i want to write chaincode method that count the total record from blockchain ledger.
Chaincode API doesn't provide such functionality if I'm not mistaken, you can only get state by key or perform a rich query if you use couchdb for example.
I have some questions regarding the deployment of a HLF use case. Suppose we build a platform in which users sell items. The users and their items are stored on the ledger via chaincode. The purpose is to also enforce access control on the items via the chaincode, so that another user for example cannot see a specific item. Then the 2 options regarding the whole identity management are:
The users do not have certificates in Fabric, and all transactions made by the users are forwarded to a single registered Client who interacts with the chaincode. Therefore, the transaction context will always have this client's ID. So from my point of view the username should be always passed to each transaction and implement access control using this username, though a registered Client has full authority over their data.
Every user is registered and enrolled and have their own identity. Every user makes a transaction directly on the blockchain via the chaincode, and access control can be implemented easily by using the stub.ID() and other attributes. That would mean that >100k users would be registered on a CA or multiple CAs.
The questions are:
Is HLF intended and suitable for the 2nd option, or is it made solely for the purpose of interaction between clients of organizations?
Is there a best way to handle this matter?
A ledger stores facts about the history of transactions that led to the current state of an object. The history also stores the users responsible for the current state of the object. If the state of an object is being changed, the admin/authorized user of an organization must be able to see who performed that change.
In the first approach, if you want to see the details of the user doing the "transaction", you'll have to store it somewhere different from the blockchain. While that can be a use-case of your project, it defeats the purpose of storing all facts about the history of a transaction of an object as every time the same user would be doing the transaction.
The second approach fulfills all the motives of incorporating blockchain in a project. Sure, you'll have to register and enroll every user who's creating/modifying an asset but then Access Control Management can be done in a better way. Please read about ACL to know about the granular access you can achieve in Hyperledger Fabric.
Also, you can also encode some information about a user in its x509 certificate with ASN.1
Second option is more preferred and Hyperledger Fabric ca could handled number of user registrations. There is Attribute access control also available which you can use at chaincode level to control use access.
https://www.youtube.com/watch?v=CAXRMJ-quhg
I am building a hyperledger fabric blockchain application where several users interact. It seems to be working. Using hyperledger explorer I can also view the blocks and transactions in the blockchain.
However, it is not clear to me how to see get the transaction history for 1 user (based on his / her identity key)?
Basically, like for a customer of a bank, I would like to get only the transactions relevant to a particular user to provide him/her with a transaction overview.
Is there a tool for this? Is it integrated into Fabric?
There are several different ways to go about this.
On-chain: You'd write a chaincode function to return the corresponding transactions. To do this you need to keep track of each user's submitted transactions by storing the transaction UUIDs in the chaincode state (stub.PutState). With stub.getState you can later retrieve the state and return the transaction list. (inspired by this StackOverflow answer)
Peer SDK: As far as chaincode-independent transaction history goes I'm not aware of any API calls that support this. You can only get a transaction by its UUID.
Off-chain: Since you're already using Hyperledger Explorer, you should have a Postgres database containing indexed transaction data. You can query the transactions table from your application by filtering for the creator_id_bytes. Since Hyperledger Explorer needs to fetch new transactions from the peer first, there is some additional latency with this approach compared to 1/2.
Use case: a smart home which gathers raw data from all the sensors within it, processes them and extracts high level information from them. The owner of the house might want to share these information with other people, such as doctors, family members, friends... So, I'm trying to figure out which would be the best way to handle the access permissions on these data. Right now all the information are carefully encrypted and stored in a database (untrusted) and only the people with the right keys can properly decrypt those data.
My idea: I want to use Hyperledger Fabric to store and manage the access permissions to these files and also to store the hash digest of the gathered information for immutability purposes. Once the smart home generates an high level information from the raw data, it stores it inside the database and then it issues a transaction to Hyperledger Fabric with the timestamp and the hash digest of the data.
The smart home owner can share these information with other people, issuing a transaction with the ID of this person and an identifier of the data he would have the access rights on.
So before accessing the information stored inside the encrypted database, the application would check if the requester has the valid permissions stored within the blockchain.
My doubts and questions: since I'm really new on this topic, even though I've read a lot about it, I don't know if this would be an improper use of the Hyperledger Fabric. All the use cases I read about it, store all the data with Hyperledger Fabric, without relying on an external cloud storage service.
Since all the transactions would be stored in the blockchain and the blockchain is maintained by all the peers inside the same channel (btw I would use just one channel to keep everything), they may be able to access to the Hyperledger Fabric database and extract information about the smart home. Am I wrong? If not, how can I solve this issue? I could use the identity mixer feature to "hide" the transaction issuer, but still the transaction would be visible to all of the peers who keep the blockchain available.
I understand your questions. We could not hide all information from Peers, but you can encrypt sensitive information and allow specific people to decrypt it as you mentioned. In addition, even you cannot prevent malicious access on time, but you can collect malicious access activities for auditing in the future. for example: using access control on each world state database of peers.
We are developing an application where we want to store the data of the user on the ethereum blockchain. My thought process is something like this
Have a contract that interfaces with the UI.
When the user enters info on the UI, it triggers the solidity smart contract
The smart contract will inturn trigger an event through oraclejs that will store the data on a database
I want to know if there is a better way to do this.
The blockchain is used for its property of transparency, immutability, security and no downtime. If you use public blockchain the user data will be visible in the transaction and anyone can see it. To utilize the full potential of blockchain I would recommend either using Private Blockchain or encrypt the data while storing in the block.
As storing in Blockchain is costly operation you can store the data in oracle db and store the rowhash(I recommend sha256()) to the blockchain.
mapping (uint=> byets32) dataHashById;
Now whenever you fetch the data from db, you have to make hashing of that row and verify against the hash from blockchain. Thats it.