Uploaded image for project: 'Fabric'
  1. Fabric
  2. FAB-15536

Private data logs should be erased when deleting (GPDR compliance)

    Details

    • Type: Story
    • Status: Backlog (View Workflow)
    • Priority: High
    • Resolution: Unresolved
    • Affects Version/s: v1.4.1
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      My concern is regarding having a GPDR compliant scenario where private information can be delated. After testing deletePrivateData function in my chaincode, I could observe how the private data is successfully deleted. Nevertheless, I realised there are logs with sensitive information that remain stored in the peers. 
       
      I've read these logs are used for data recovery in the case is needed at some point. Anyhow, if the private data is erased shouldn't these information be deleted from the logs too? 
      Once the private information is deleted from private data, the information in this logs is still visible (not even encrypted). Please, check what can be seen in the logs:
       

      root@2a3221773e19:/var/hyperledger/production/ledgersData/pvtdataStore# cat 000001.log 
      S�d\examplechannel���examplechannel���2examplechannelexamplechannel����examplechannel��F�2examplechannelexamplechannel0��ŭ3examplechannelSimpleChaincodecollectionWorkerX
      collectionWorkerDB
      worker_16{"id":"worker_1","name":"Bob Smith","dni":"12312312B"}examplechannel�2
      examplechannelexamplechannel��fw
                                               3examplechannelSimpleChaincodecollectionWorker"
      collectionWorkerworker_1examplechannel�6��2examplechannelexamplechannelr
      

       
      As you can see, the information is readable although the details of this worker have been erased from private data. Creepy. Of course, these logs are in the peers who are part of organizations included in the collection. Specifically, these logs can be found in: 
       
      /var/hyperledger/production/ledgersData/pvtdataStore/000001.log

      /var/hyperledger/production/transientStore/000001.log
       
      and in the case couchdb is not used but stateLeveldb (by default), here as well:
       /var/hyperledger/production/ledgersData/stateLeveldb/000001.log
       
      I wonder if Hyperledger Fabric should fix this in future versions coming.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                mlucc Mauro Lucchini
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Git Source Code