What happens in Hyperledger Fabric on a private channel block-chain consisting of only two peers if one of the peers is faulty and manipulates it's private block chain?
So the two copies of the block chain will diverge and finally it will be impossible for a consensus algorithm to tell which one is correct.
Is this a valid problem? If so, how would this be mitigated? Would it help to add additional peers to the channel (e.g. placed at a regulator's data center) which are not in control of the two peers mentioned above? Or is there a better solution to tackle this problem?
Adding additional peers to each organization would defend against any single node becoming compromised. Adding additional nodes to the channel(s) at an independent 3rd party (auditor, regulator, or other trusted provider) would be another valid strategy to defend against a counter-party with malicious intent.
The consensus is achieved in the Ordering Service, the Peers are independent from it. I think that they are two different things:
The Peers don't manipulate the Blockchain. They could send incorrect or invalid transactions. The result of the execution of those transactions depends on the Smart Contrac that you have on the Peers, and the Endorsement Policy that you have defined. Then, each Peer sends the validated transactions to the Ordering Service.
The Blocks are created by the Ordering Service, so the blocks will be equal to both peers.
The solution to that issue would be to create an Ordering Service where the orderers are located in additional and independent 3rd party.
Nowadys, the Ordering Services gives you the chance to choose among different Services: two different are developed, a third one will be ready soon. More info about it, here.
Related
I am relatively new to Corda and stumbled upon a question that I am not able to find a clear answer to.
In my understanding a CorDapp is the entirety of Contract,State and Flows regarding a specific Use-Case.
Would it be possible to have different CorDapps running on different nodes?
For example in a network with 3 participants A,B and C where A&B need to interact with eachother and B&C need to interact with eachother with a different Use-Case. Can A&B have the CorDapp for their Use-Case running without C having it installed on their ledger?
Basically the question is, if all nodes on the network have to share all CorDapps no matter if they interact with eachother or not.
Thanks in advance
Florian
Yes, it is definitly possible and one of the main advantages, from my perspective, of a Corda. In Corda, nodes only need to have the CorDapps relevant to the them. In your example, A and B would only need to have the CorDapp for payables product, as an example, and C would only have receivables product.
In addition, there is also a possibility for all CorDapps to be installed on a single node, but access to them can be managed on the Client Service application (e.g. Spring Service that communicates with Corda Node)
By default someone can read the state data using REST API. Is there a way to add read permissions on specific addresses and change them while the network is up.
The short answer to your question is by using a proxy server, the documentation you're referring to in the question mentions it here https://sawtooth.hyperledger.org/docs/core/releases/1.1/sysadmin_guide/rest_auth_proxy.html#using-a-proxy-server-to-authorize-the-rest-api
There may not be an out of the box component that does what you're asking. There's definitely possibility of doing what you're asking for. You can add the logic filtering based on the read address in the proxy server.
More explanation:
If you're considering one Validator instance per organization. Organization participates in a blockchain application use case then all the participants in the network can see the data you store in the state store. It's the responsibility of the participating organizations to restrict the access to their data. Using the proxy server is one such means.
If you're considering adding multiple use cases per organization, participating in different network altogether then it is advisable to have a different Validator instance per those use cases that require isolation. Again, it's the responsibility of each organization to protect the data stored in the network they're participating in.
For the point 2, the Hyperledger Sawtooth 2.0 proposed solution allows you to run multiple instances of the Validator as a service in a single process. That means you can have one physical node (also process) participating in multiple circuits providing isolation.
Before I end the answer for the benefit of others searching for an answer: Blockchain is not just a distributed storage but also a decentralized network. There are number of design patterns that allows us to keep the critical data outside the blockchain network and use the functionalities of the blockchain network (achieving consensus, smart contract verification to be specific) for what it is expected to do.
Generally, we do not have peers concepts in Corda. We always call them as nodes. How to create multiple peers (nodes) for single organization (Party) in Corda?
Technically, you can register as many peers (nodes) for the same organization. As long as, you let your counterparties know that those X509 names belong to your organization.
But, keep in mind that your peers cannot share from the database level, meaning that if peerA received some info from an external party and stored at its vault, PeerB cannot just go into peerA's vault and use it for its transactions.
That is, PeerA and PeerB are entirely different parties on the Corda level. If you want to share some information, you need to do a Flow. This is to protecting provenance and immutability of the ledger.
Looking into the future, our dev team is implementing a new accounts feature. It will be released with Corda Enterprise 5. This feature allows having multiple accounts under the same node. If you would like more information join the slack channel and ping me #http://slack.corda.net
If I develop an online application using Blockchain and I have three parties(or peers) required to reach consensus then Do I need a node for each of the three participants or the one node is enough. what I am not able to understand is how I will maintain a node or nodes.
I will be maintaining the database at one location?
First understand that blockchain architecture is not as normal client-server architecture.
In normal client-server architecture, client can change entries that are stored on a centralized server. By changing master copy, whenever a user accesses a database, they will get the updated version.
This is not at all the same as with blockchain technology.
A blockchain is a mesh network of computers linked not to a central server but rather to each other. Computers in this network define and agree upon a shared state of data and adhere to certain constraints imposed upon this data. For a blockchain database, each participant maintains, calculates and updates new entries into the database. All nodes work together to ensure they are all coming to the same conclusions, providing in-built security for the network. Database are distributed across the participant nodes and transactions are immutable.
How the blockchain will maintain different nodes?
Through the use of a peer-to-peer network and a distributed timestamping server, a blockchain database is managed autonomously.
For a production network of three parties (in Hyperledger Fabric we use the term 'organizations') you would likely want to have a network of multiple (2 or more) peer nodes per organization for crash tolerance and increased resilience. You would also likely want to run these peer nodes on different host nodes in different data centers or cloud availability zones.
How can a malicious activity be controlled in hyperledger fabric ?
Any links will be helpful too.
Fabric is an implementation of the Blockchain. Blockchain guarantees safety because it is a distributed system. The information is replicated in different nodes in the network. So, if you changed one, the other nodes would realize.
On the other hand, a Blockchain is a chain composed by blocks that store transactions. Each block references to the previous one, so if you wanted to modify the data in one block, you should change all the blocks. And this is computationally very difficuatl, you should have more than the 51 % of computing capacity of the network.
You can read more about it here.
You can control through put txt and a potential maximum per port or user per second.
Create a transaction fee which would limit what they are doing if they are taxing the network.
Kick them off the network.