我们可以依靠Hyperledger Composer ACL来保护隐私吗？ [英] Can we rely on Hyperledger Composer ACL for privacy?

问题描述

Composer提供了一些相当不错的ACL功能，并且具有足够的粒度以防止基于复杂的业务逻辑进行未经授权的访问。

Composer provides some pretty good ACL features, with enough granularity to prevent unauthorized access based on complex business logic.

我了解使用Composer的API，未经授权的用户将

I understand that using composer's APIs, an unauthorized user will not be able to read data.

但是，如果用户使用Fabric的API怎么办？作曲家如何在结构级别上实现其ACL？商业网络共享单个渠道吗？在这种情况下，这是否意味着任何参与者/节点都可以手动查看该区块并查看私有数据？

However, what if the user uses Fabric's APIs? How does composer implement their ACL at the Fabric level? Is a business network sharing a single channel? In which case, does it mean that any participant/node can look at the block manually and see private data?

所以我的问题是，我们可以依靠Composer并假设

So my question is, can we rely on Composer and assume that if we correctly wrote our ACL file then the data is secured?

推荐答案

我会这样说，认为Composer ACL是就像您在Go中编写Fabric链代码一样安全，并且包括对给定事务可以访问或更新哪些数据的显式条件检查。

I would put it this way, the Composer ACLs are as secure as if you had written Fabric chaincode in Go and had included explicit conditional checks on what data a given transaction can access or update.

数据是未加密地存储在区块链上，并且 存储在世界范围内（例如，在CouchDB中）。因此，如果有人可以本地访问磁盘上的文件或CouchDB数据库以获得世界状态，则他们可以绕开ACL规则。但是，这不是Composer特有的，并且同样适用于用Go语言编写的Fabric链码。

The data is stored unencrypted on the blockchain, and it is stored in world-state (in CouchDB for example). So if someone has local access to the files on disk, or the CouchDB database for world-state, they can circumvent the ACL rules. This is not specific to Composer however, and would apply equally to Fabric chaincode written in Go.

这篇关于我们可以依靠Hyperledger Composer ACL来保护隐私吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！