Can we rely on Hyperledger Composer ACL for privacy?
Question
Composer provides some pretty good ACL features, with enough granularity to prevent unauthorized access based on complex business logic.
I understand that using composer's APIs, an unauthorized user will not be able to read data.
However, what if the user uses Fabric's APIs? How does composer implement their ACL at the Fabric level? Is a business network sharing a single channel? In which case, does it mean that any participant/node can look at the block manually and see private data?
So my question is, can we rely on Composer and assume that if we correctly wrote our ACL file then the data is secured?
1 answers
solution1
3 ACCPTED 2017-11-24 16:55:11
I would put it this way, the Composer ACLs are as secure as if you had written Fabric chaincode in Go and had included explicit conditional checks on what data a given transaction can access or update.
The data is stored unencrypted on the blockchain, and it is stored in world-state (in CouchDB for example). So if someone has local access to the files on disk, or the CouchDB database for world-state, they can circumvent the ACL rules. This is not specific to Composer however, and would apply equally to Fabric chaincode written in Go.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.