I'm working with Hyperledger Fabric, and developing Chaincode in Golang. I have the following use case and am not sure how to implement this in Fabric.
Suppose i have Bank1, Bank2, and Bank3 peer organizations. I want to design a system where they each store Client information (where client is a bank account holder). Typically, I wouldn't want Bank2 to have acess to Bank1's clients -- but if the client invokes a certain function call somehow, bank2 should be able to fetch that client's information over from bank1 (given all banks share a channel)
How can I achieve something like this in chaincode?
I've looked at ABAC, im not sure how i can update the attribute of an org to allow access to a specific client based on them having taken an action
Thank You
One solution could be to have private information outside of blockchain, and enable each bank to query it's private information by an API, directly from your chaincode, and have a shared channel among all the banks that share information through chaincode calls. Of course all APIs must be secured to be only queryble by it's own bank.
Another solution without having to implement things out of your blockchain would be to use private data collections, which is an improvement made to Fabric in version 1.2. More information here: https://hyperledger-fabric.readthedocs.io/en/release-1.2/private-data/private-data.html
Update:
Is it safe to call external apis from the chaincode? How would I maintain secret keys/tokens?
Yep, it's safe as far as you secure your communications and your endpoints. An easy solution would be to have your node and your private data store inside the same network, inside a firewall. In that way you wouldn't have to worry about security inside your applications.
To implement this using Private Data, is it possible to maybe have an array of strings which are identifiers for the banks in the Client struct, and the client can invoke functions to allow more banks, and when banks try to query a Client the code checks that array if the bank's identifier is included there or not?
It seems to me that you are in the right direction, but I would implement it as a JSON file, more than an array with access rules, stating that for BankA, BankB has access to this and that functions and so on, and also you can set levels of visibility in the information, and then implement the logic that reads and uses that config in your chaincode. In production, each node will have to have its own config file, but for development you can have a single config file with all the rules.
Update 2:
Is it possible for someone from an organization to 'query' the ledger or read it's state directly and NOT through the chaincode?
Short answer: yes, it is possible. Whatever gets written in the blockchain, would be readable by administrators of peers, and anybody who has control over private keys. BUT here is where architecture comes into play: if you don't need something written in the blockchain, just don't write it. It depends on what you want the blockchain for. If it's just to attest that an information has been shared, just save the necessary information: 'bankA shared info about userB with bankC'. The actual info doesn't have to be saved in the blockchain. If you need to have the info in the blockchain and you want to keep it private, I think the best solution is using private data collections, and be awared that in fact private data is not subject to consensus, because private data gets saved in a side DB only in the peers/organizations involved in the private transaction, not in every peer.
Related
I got a request as a developer to develop a bitcoin exchange site like https://mypatricia.co/ or https://instantcoins.ng/ I am to leverage on third party API like Coinbase, blockchain, it could be anything reliable API.
Users will be able to buy and sell bitcoin. For instance USER A makes an offer. USER B is interested in USER A's offer. When USER B clicks a button, with be a switch from USER A's wallet to USER B's wallet. Before the EXCHANGE is done. USER B is prompted to make payment in local currency.
I have been looking at https://developers.coinbase.com/api/v2#introduction https://api.blockchain.com/v3 I dont know how to go about it.
Is there any other better ones to work with?
There will be some other endpoints like
Where users get list of their orders
check wallet etc
I will appreciate your contribution
This is a very broad topic, so I'm just going to tackle few key points.
Dependency on third-party blockchain data
You can get rate limited
You might be a subjet to a man-in-the-middle attack
The source might (intentionally or unintentionally) send incorrect data.
The data is usually delayed
You'll most likely need to use another tool to create deposit addresses (since the third-party tools will allow you to create only limited amount of addresses on your account).
It's very risky and unreliable to use a third-party data. It's an industry standard to run a full node for each cryptocurrency you work with and access the blockchain data from your own node instead of a third-party API.
Escrowing the offered amount
As per your example, you need to make sure that user A is actually going to transfer the BTC. Since there are no smart contracts in BTC, you need to act as an escrow.
So you need to accept the BTC from user A to their deposit address (only your site should have the private key to this address) before you even allow them to pass their order into the queue.
Order list
Since you're going to be storing the order list on your side, you need to create a separate database and CRUD endpoints to maintain the order list.
In the Hyperledger Fabric Docs, while reading about private data collections I came accross this sentence regarding memberReadOnly:
Utilize a value of false if you would like to encode more granular access control within individual chaincode functions.
If I understand this correctly, this allows me to code into the smart contract specifications that will allow me to limit control to eg. specific clients of one organization instead of all peers of member organizations.
If that is so, I am curious as to how this can be done in the contract. Is there a specific way to handle access control or is it at my own discretion to write code that will enforce it? If you can provide me with any examples it would be very helpful.
To clarify what I mean, I come from Ethereum and what I am essentially asking is whether there is something like the require method in solidity, or would I just use a simple if.
Thanks for any help. If you close question for wrong site, please point me to the right place as I have not been able to find somewhere more relevant.
You didn't understand correctly.
Setting this value (memberOnlyRead) to true means that if a client sends a proposal to a peer, and the client is not in the collection, then if the peer is in the collection and has access to the data - it will refuse with an error automatically no matter the smart contract says.
If it's false, then the peer won't enforce such a thing, and then you have more freedom to code any access control logic you want for the clients.
I would like to retrieve all transactions from the Hyperledger fabric netwrok for assurance. Please guide me to how retrieve transactions from all the peers to validate and completness of the transactions ?
Thanks in advance.
I think it depends on your business requirement. For audit purpose, it's more likely you want to know transactions about a specific asset(key/value). You can query history of a specific key using the GetHistoryForKey() shim API. A transactionId is contained in the response. Then you can query the detail by the transactionId.
In addition, there are some query apis provided from the Fabric SDKS. For instance, the NodeSDK. In the Channel class, there are a bunch of apis like queryInfo, queryBlockByID, queryBlock, and queryTransaction etc. The fabcar sample provides some NodeJS code you can follow up to create your own queries.
Finally, you can also inspect the ledgers (file based) directly from peer node. By default the path is /var/hyperledger/production/ledgersData/chains, within which there are ledger files per channel. To inspect the files, you may need to investigate the FileLedger impl. With some initialization work, you can inspect every block, the hash, the transactions and the Read/Write sets in detail. Hope this is helpful to you.
I'm looking at knowing, In order to update a asset,
When should I need to write Transaction in lib/script.js
vs.
when should I be using composer-client code using bizNetworkConnection.getAssetRegistry?
I see that I cant use the feature of event emission in later case, Is there any other reason why I should be using it?
Please help me know.
The important thing about writing a Transaction is that it becomes part of the Agreed Smart Contract. So the creation of one or more assets or participants in the same transaction with the associated logic is agreed. This Transaction is a class and can have a specific ACL rule associated with it (also in the smart contract), whereas if you use composer-client you would add individual assets or participants using a generic system transaction AddAsset or AddParticipant.
So writing your code in a Transaction provides a 'better' Blockchain app with a stronger Smart Contract and improved security.
Recently I discovered how useful and easy parse.com is.
It really speeds up the development and gives you an off-the-shelf database to store all the data coming from your web/mobile app.
But how secure is it? From what I understand, you have to embed your app private key in the code, thus granting access to the data.
But what if someone is able to recover the key from your app? I tried it myself. It took me 5 minutes to find the private key from a standard APK, and there is also the possibility to build a web app with the private key hard-coded in your javascript source where pretty much anyone can see it.
The only way to secure the data I've found are ACLs (https://www.parse.com/docs/data), but this still means that anyone may be able to tamper with writable data.
Can anyone enlighten me, please?
As with any backend server, you have to guard against potentially malicious clients.
Parse has several levels of security to help you with that.
The first step is ACLs, as you said. You can also change permissions in the Data Browser to disable unauthorized clients from making new classes or adding rows or columns to existing classes.
If that level of security doesn't satisfy you, you can proxy your data access through Cloud Functions. This is like creating a virtual application server to provide a layer of access control between your clients and your backend data store.
I've taken the following approach in the case where I just needed to expose a small view of the user data to a web app.
a. Create a secondary object which contains a subset of the secure objects fields.
b. Using ACLs, make the secure object only accessible from an appropriate login
c. Make the secondary object public read
d. Write a trigger to keep the secondary object synchronised with updates to the primary.
I also use cloud functions most of the time but this technique is useful when you need some flexibility and may be simpler than cloud functions if the secondary object is a view over multiple secure objects.
What I did was the following.
Restrict read/write for public for all classes. The only way to access the class data would be through the cloud code.
Verify that the user is a logged in user using the parameter request.user ,and if the user session is null and if the object id is legit.
When the user is verified then I would allow the data to be retrieved using the master key.
Just keep a tight control on your Global Level Security options (client class creation, etc...), Class Level Security options (you can for instance, disable clients deleting _Installation entries. It's also common to disable user field creation for all classes.), and most important of all, look out for the ACLs.
Usually I use beforeSave triggers to make sure the ACLs are always correct. So, for instance, _User objects are where the recovery email is located. We don't want other users to be able to see each other's recovery emails, so all objects in the _User class must have read and write set to the user only (with public read false and public write false).
This way only the user itself can tamper with their own row. Other users won't even notice this row exists in your database.
One way to limit this further in some situations, is to use cloud functions. Let's say one user can send a message to another user. You may implement this as a new class Message, with the content of the message, and pointers to the user who sent the message and to the user who will receive the message.
Since the user who sent the message must be able to cancel it, and since the user who received the message must be able to receive it, both need to be able to read this row (so the ACL must have read permissions for both of them). However, we don't want either of them to tamper with the contents of the message.
So you have two alternatives: either you create a beforeSave trigger that checks if the modifications the users are trying to make to this row are valid before committing them, or you set the ACL of the message so that nobody has write permissions, and you create cloud functions that validates the user, and then modifies the message using the master key.
Point is, you have to make these considerations for every part of your application. As far as I know, there's no way around this.