Welcome to the Developer Q&A for the MultiChain blockchain platform.

Please feel free to ask questions about the platform to receive answers from the MultiChain developers or other members of the community.

Related questions

4,147 questions

4,360 answers

5,713 comments

Most popular tags

A few questions about privilege

+1 vote

First, thanks for the Multichain.

 

I've a few questions about privilege as follows:


1. Where are the permission data of Multichain stored? In particular, where is the information about Admin privileges stored? Is it the local disk of the Admin node, or is it inside the blockchain?

2. Is there a risk that the Admin privilege will be hacked or stolen when the ledger is shared and distributed like a normal blockchain?

3. It would be appreciated if you could suggest ways to protect the Admin privileges and enhance the security of the Admin node.

4. "Write permission" can be set when 'stream' is created with command "create stream stream1 false". Can I set read permissions? For example, for 'streamA', I want to give the address-a write permission and the address-b read permission. Address-c can not be read or written

 

Thanks in advance.

 

 

 

asked Dec 4, 2017 by Ilhun

1 Answer

+1 vote
 
Best answer

To answer each question in turn:

  1. All privilege information is in the blockchain only, and not dependent on local storage of any one node.
  2. The only way to steal or hack the admin privilege is to steal the admin's private key. You can also have multiple admins and use admin consensus as a way of reducing the consequences of this.
  3. This is the regular challenge of securing a private key. You can keep the private key away from the network (e.g. using a cold node or hardware security device) or you can use multisig admins.
  4. There are no read permissions for streams at the moment because all stream items are stored in the chain, therefore every node which has a copy of the chain can read the stream data. Any permissions we might add in the API would therefore create only "fake" security. There is more functionality relating to resolving this coming in future. But for now if you want to manage read privileges you need to use encryption of the items in the stream. See this for an advanced technique, where each item has its read permissions individually controlled: https://www.multichain.com/developers/stream-confidentiality/
answered Dec 5, 2017 by MultiChain
selected Dec 6, 2017 by Ilhun
...