Restricting access to address with admin permission

+1 vote
Hi, first of all, thanks for building MultiChain. I'd like to ask a few questions if it's okay.

I'm trying to build a private blockchain using MultiChain that is accompanied by a front-facing app that allows users to interact with this blockchain.

This blockchain has several nodes. As suggested, the first address of a new node is granted with admin permission so that there is always admin permission available.

I found that, with the RPC credential values set up right on the app side and `rpcallowip` configured properly on the node side, you can call the API and easily find out which address has the admin permission and from there do pretty much anything you want with any of the `*from` commands, even if all of the `anyone-can-*` parameters have been configured to false. So, it's really up to the front-facing app to actually restrict this capability to call any API commands on the blockchain. So, question 1, is this understanding correct?

Question 2. If the server hosting the app ever gets hacked, is there a way to restrict access to the address that has the admin permission?

Thanks!
asked Jun 8, 2017 by jaesee

1 Answer

+2 votes
 
Best answer

First, I wouldn't suggest that every node has an address with admin permissions – this gives too much power to whoever is in charge of administrating that node's server. You can have a single admin, or a small number of admins, but they should be chosen carefully.

Second, for now, if you want to restrict access to a particular address in a MultiChain wallet, you need to make it an address for which the private key is held outside the wallet. You can then pass in the private key when necessary to sign transactions. See this tutorial for more details: http://www.multichain.com/developers/external-key-management/

answered Jun 9, 2017 by MultiChain
selected Jun 19, 2017 by jaesee
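
An added sketch of the external-key flow the answer describes (example code, not from the original post or the MultiChain project): the app-facing node builds and broadcasts a permission grant, while the admin private key is passed only to a separate signer. It assumes the admin address was already added to the node as watch-only with `importaddress`, that the signer is a separate locked-down MultiChain instance, and that the `permissions` payload matches your node version's raw-transaction API; `make_rpc`, `grant_with_external_key`, `demo` and all addresses, keys and hex values are constructed for illustration.

```python
import base64, json, urllib.request

def make_rpc(url, user, password):
    """rpc(method, *params) against one node's JSON-RPC endpoint (HTTP basic auth)."""
    auth = base64.b64encode(f"{user}:{password}".encode()).decode()
    def rpc(method, *params):
        body = json.dumps({"id": 1, "method": method, "params": list(params)})
        req = urllib.request.Request(url, body.encode(), {
            "Authorization": "Basic " + auth, "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            reply = json.load(resp)
        if reply.get("error"):
            raise RuntimeError(reply["error"])
        return reply["result"]
    return rpc

def grant_with_external_key(node_rpc, signer_rpc, admin_addr, admin_privkey,
                            target_addr, permissions):
    """Grant permissions from an admin address whose key is not in the node's wallet."""
    # 1. The app-facing node builds the unsigned transaction; it knows the admin
    #    address only as watch-only (importaddress), never the key.
    payload = {target_addr: {"permissions": {"type": permissions}}}
    unsigned = node_rpc("createrawsendfrom", admin_addr, payload)
    # 2. The key is passed only to the signer (assumed: a separate, locked-down host).
    signed = signer_rpc("signrawtransaction", unsigned, [], [admin_privkey])
    if not signed.get("complete"):
        raise RuntimeError("signature incomplete; not broadcasting")
    # 3. The signed hex, which does not contain the key, goes back for broadcast.
    return node_rpc("sendrawtransaction", signed["hex"])

def demo(complete=True):
    """Offline run against constructed stub replies; returns (txid, node_calls)."""
    node_calls = []
    replies = {"createrawsendfrom": "0100aa", "sendrawtransaction": "txid-constructed",
               "signrawtransaction": {"hex": "0100aabb", "complete": complete}}
    def node(method, *params):
        node_calls.append((method, params))   # everything the exposed node sees
        return replies[method]
    def signer(method, *params):
        return replies[method]
    txid = grant_with_external_key(node, signer, "1AdminAddrConstructed",
                                   "PRIVKEY-CONSTRUCTED", "1TargetAddrConstructed",
                                   "connect,send")
    return txid, node_calls
```

With a real deployment, `make_rpc` would be called twice with different endpoints and credentials, so that a compromise of the app server exposes only the node that never holds the admin key.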