Hi, first of all, thanks for building MultiChain. I'd like to ask a few questions if it's okay.
I'm trying a build a private blockchain using MultiChain that is accompanied by a front-facing app that allows users to interact with this blockchain.
This blockchain has several nodes. As suggested, the first address of a new node is granted with admin permission so that there is always admin permission available.
I found that, with the RPC credential values set up right on the app side and `rpcallowip` configured properly on the node side, you can call the API and easily find out which address has the admin permission and from there do pretty much anything you want with any of the `*from` commands, even if all of the `anyone-can-*` parameters have been configured to false. So, it's really up to the front-facing app to actually restrict this capability to call any API commands on the blockchain. So, question 1, is this understanding correct?
Question 2. If the server hosting the app ever gets hacked, is there a way to restrict access to the address that has the admin permission?