Are Ethereum contract function securable?

0 votes

I am using testrpc and web3.

I used the idiom below to ensure that only a previously defined user should be able to do something:

function doSomethingProtected() {
        if ( msg.sender != authorizedUser )
                throw;

        flagSomething = true;
   }

When calling the function on an instantiated contract with web3 as follows:

myContract.doSomethingProtected( { from: "0x..." } );

it worked. At first I was pleased but then I realized the web3 API had not required me to provide any passphrase for a private key or such like.

Can anyone with the simple knowledge of someones public key/address call this function?

The use of this idiom in the examples led me to believe a benefit of the Ethereum contracts was that it ensured msg.sender was cryptographically assured.

Oct 26, 2018 in Blockchain by Prerna
• 1,940 points
19 views

1 answer to this question.

0 votes
The reason is that you are using testRPC, which doesn't lock it's accounts, so you don't need a password.

If you were to do this with geth, you would need to unlock the account before sending from it.

Without the private key, that function will throw an error, so you are correct in using that authorization method.
answered Oct 29, 2018 by Christine
• 15,790 points

Related Questions In Blockchain

0 votes
1 answer

Where are the transaction details of a smart contract is written in Ethereum?

First ques:where in the blockchain is a ...READ MORE

answered Jul 11, 2018 in Blockchain by Shashank
• 10,350 points
41 views
0 votes
1 answer

Can a hacker change data of a smart sontract without call contract function?

A contract's content cannot be changed internally. ...READ MORE

answered Apr 7, 2018 in Blockchain by Shashank
• 10,350 points
27 views
0 votes
1 answer

where is ethereum contract instance state stored???

Migrating the state to a new version ...READ MORE

answered Jun 1, 2018 in Blockchain by Shashank
• 10,350 points
23 views
0 votes
1 answer

Truffle tests not running after truffle init

This was a bug. They've fixed it. ...READ MORE

answered Sep 11, 2018 in Blockchain by Christine
• 15,790 points
138 views
0 votes
1 answer

Solidity geth: Error encountered during contract execution [Bad instruction]

recipes is a dynamic storage array. You need ...READ MORE

answered Oct 15, 2018 in Blockchain by Omkar
• 67,380 points
75 views
0 votes
2 answers
0 votes
1 answer

How can I deploy a HelloWorld contract on my testrpc network?

The problem lies in the command: truffle migrate Your truffle migrate command ...READ MORE

answered Apr 27, 2018 in Blockchain by Perry
• 17,020 points

edited Aug 10, 2018 by Omkar 461 views
0 votes
1 answer

Smart contract limitations in Ethereum and Hyperledger Fabric

No, the contract cannot sign on behave of B. A ...READ MORE

answered Sep 11, 2018 in Blockchain by Christine
• 15,790 points
63 views
0 votes
1 answer

How to detect if an ethereum address is an ERC20 token contract?

There are many possible ways to achieve ...READ MORE

answered Sep 24, 2018 in Blockchain by Christine
• 15,790 points
147 views