BEPs icon indicating copy to clipboard operation
BEPs copied to clipboard

Published 20 hours ago verified publisher icon bigchaindb

Feature Request

Open codebysandip opened this issue 6 years ago • 2 comments

We are developing supply chain on blockchain technology. We are using BigchainDb to implement blockchain in our product. Currently we are developing pilot and we are facing following issues:

  1. We want a network where validators of network can just keep data. (We are adding validators only to gain trust of customers). They should not create transaction. There should be a configuration that should prevent validators to create transactions. Workaround suggestion: Tendermint can implement based on power of validator. If validator have highest or equal to highest power in genesis.json then only can create transaction in network.

  2. Currently any validator can tamper data on their machine by using mongo db query (insert, update and delete) and BigchainDb not implemented any mechanism that can detect those tamper. There should be a mechanism that should detect tamper and should start sync. Workaround suggestion: You can use hash of collections provided by mongo or can simply generate hash of mongo database and compare with all online validators during insertion of transaction. This is following link for hash https://docs.mongodb.com/manual/reference/command/dbHash/ .

  3. BigchainDb should also watch mongo collection for change query. By doing this BigchainDb will able to prevent tamper on every machine. You can refer this link https://docs.mongodb.com/manual/reference/method/db.collection.watch/

  4. If you are planning to develop a supply chain like product on BigchainDb then a single collection will not able to fulfil all requirements. BigchainDb should give a option to insert data in collection given by user while creating transaction like this: connection.postTransactionCommit(transactionSigned, {collection: "myCollection"}); // default will be transactions While getting transaction user will pass collection like this: connection.getTransaction(transactionId, { collection: "myCollection"}); // default will be transactions collections

  5. We altered asset data in assets collection. As you are storing hash in transactions table that compares data with assets collection data. When I requested from api to get data then response was "Internal server error". You should send some valid response like Data altered in mongo. So that user can know what actually went wrong because one day when i will check my log then i can deduce what actually went wrong and I can take action on this.

  6. There should be a inbuilt authentication mechanism in BigchainDb server api. I know i can disable http request on server and my wrapper (api server) will send request but I think there should be authentication mechanism like AppId and App secret or any other standard authentication.

codebysandip avatar Oct 03 '18 10:10 codebysandip

I suspect that feature request 1 might be technically impossible, but I'd be happy to be proven wrong.

Requests 2 and 3 are similar and it would definitely be nice to have some kind of "local watchdog" watching each node for signs of tampering. That's a good idea for a new BEP.

Don't get too excited though: the node operator controls their node, including all the software running on it. A malicious node operator, who wants to tamper with their own node, would start by turning off the watchdog (i.e. by disabling the alarm system). However, the node operator can only mess up their own node, not any of the other nodes (or at least that is how the system is supposed to be set up).

The remaining feature requests (4-6) are reasonable and sensible. 4 and 6 are quite substantial and therefore might warrant new BEPs, i.e. to describe the feature in detail before implementation. Number 5 might make more sense as a new stand-alone issue in the bigchaindb/bigchaindb repo.

Please note, however, that our company (BigchainDB GmbH) is scaling back the resources we're putting into developing the BigchainDB software. There are many companies using BigchainDB software, and some of them have stepped up to take over the maintenance, improvement, and governance of the BigchainDB software, under the umbrella of the IPDB Foundation. For more information, see our blog post:

https://blog.bigchaindb.com/the-next-evolution-for-bigchaindb-software-a104185a8763

ttmc avatar Oct 14 '18 09:10 ttmc

Hi Everyone , Could you please clarify on the following questions I have 4 nodes in bigchain db network, and i have some assets (belongs to one of node ). i edited the asset details in db accidentally now i am not able to transfer asset since it is expected behavior . but i want to transfer the assets with old details . how to make my db sync with all nodes. is there anyway to do that . please share the documents for the same if any

BarathKumarDharani avatar Sep 28 '19 04:09 BarathKumarDharani