Is a contract's storage public?

Hi,

Contracts have their own key-value storage in Ethereum. My question is - is the data saved in that storage publicly accessible, or can it be programmed to only allow access to certain parties and disallow to the rest?

For example, let's say I want to design a contract that allows users to save their passwords on the blockchain. Naturally, I'd like to ensure that each user is the only one with access to his own password. In this case, once a user submits his password for the first time - it is written as the entry: user --> password. Then, if the user wants to retrieve the password, he will issue another message to the contract asking for the password. Since his identity will be verified, he will get his password.

The question is - can anyone else access the data? Is it public on the ethereum blockchain (as is the case with other blockchains)?

* Note: Needless to say, this is not a real use-case, just an example to illustrate my question.

Comments

  • mids106
    Yes, it's publicly available to all Ethereum nodes. If you want to store sensitive information, you should ensure that it is encrypted before doing so.
  • guyz
    In that case, returning specific data to specific users is not possible (or basically futile), because everyone can get that information?

    For instance (to paraphrase):

    if (msg.sender == APPROVED_USER):
        return(contract.storage['some_hidden_information'])

    If I understand it correctly, such contract code serves no purpose, because everyone can see contract.storage['some_hidden_information'].

    Is this true?

    Also, where can I find more information about how this is handled? I wasn't able to find concrete information about the relation between the contract's storage and the public ledger.

    Thanks!
  • mids106
    Correct, you can't hide information that way. For more information about the contract storage check out the Ethereum White- and Yellowpaper:
    * https://github.com/ethereum/wiki/wiki/[English]-White-Paper
    * http://gavwood.com/paper.pdf
  • guyz
    Thanks!

    What about the input/output (computation result) of a message sent to a contract - is that visible to everyone, or only to the sending node?

    For example, I'm thinking of a contract that works as follows: A sender sends a message with an encrypted cypher, and asks for the node with the decryption key to decrypt the data and return it to him.

    However, I'm not sure if the decrypted message would be visible to the entire network (bad), or just to the requesting node (good).

    If this isn't possible, what is the right way to achieve something like that in Ethereum?
  • loiluu
    @guyz I guess A should send along his public key and the node will encrypt the message with A's public key. Then later A can decrypt the message with his secret key. It's a standard public encryption technique.
  • Technologov
    Short answer: everything is public. Passwords visible.

    Long answer: there is development going on in program obfuscation.
    Read: ethereum wiki-problems-4. Code obfuscation
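
A toy model of the point made in this thread, added here as an example that is not part of the original posts and is not real Ethereum client code: a sender check only restricts one call path while any node can read its own copy of the state, so a secret has to be encrypted client-side before it is stored. The in-memory `contractStorage` map, the function names, and the sample values are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// Stand-in for contract storage, of which every node holds a full copy.
const contractStorage = new Map();

// The guarded getter from the thread: it restricts this one call path only.
function guardedGet(sender, approvedUser, key) {
  return sender === approvedUser ? contractStorage.get(key) : null;
}

// What any node operator can do: read its own copy of the state directly.
function readRawState(key) {
  return contractStorage.get(key);
}

// Client-side encryption before the value is submitted: AES-256-GCM with a
// key derived by scrypt from a passphrase that never leaves the user.
// Stored layout (hex): salt(16) | iv(12) | auth tag(16) | ciphertext.
function sealForStorage(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.scryptSync(passphrase, salt, 32);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('hex');
}

// Reverses sealForStorage; throws if the passphrase is wrong or the stored
// bytes were altered, because the GCM tag check fails.
function openFromStorage(passphrase, sealedHex) {
  const raw = Buffer.from(sealedHex, 'hex');
  const key = nodeCrypto.scryptSync(passphrase, raw.subarray(0, 16), 32);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(16, 28));
  decipher.setAuthTag(raw.subarray(28, 44));
  return Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]).toString('utf8');
}

// Constructed sample values.
contractStorage.set('plain', 'hunter2');
contractStorage.set('sealed', sealForStorage('alice passphrase', 'hunter2'));

console.log('guarded call as mallory:', guardedGet('mallory', 'alice', 'plain'));
console.log('raw state, plain entry: ', readRawState('plain'));
console.log('raw state, sealed entry:', readRawState('sealed'));
console.log('owner decrypts locally: ', openFromStorage('alice passphrase', readRawState('sealed')));
```

The stored ciphertext stays public indefinitely, so the passphrase has to withstand offline guessing by anyone who copies it.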