Make the writing API of read-only databases inaccessible #8098
Comments
upbqdn
added
A-rust
|
would this be a potential security issue for the blockchain scanner? If so we can add it to the list of tasks to do at some point after the MVP... |
|
I don't think so because writing would fail or panic. I added this note to the description:
|
|
It might also be helpful to document that the supported way to get read-only access to the state from a separate process is RPCs, and within the same process is cloning a I'll add this to the ticket. |
|
We might want to think about how to do this with One possible implementation is adding an |
mpguerra
added
the
A-blockchain-scanner
|
Is this work relevant outside of the scanner work? |
|
If Zaino is going to use this API, then I think we should do it as part of work on Zaino. And if Zaino is going to build and use some other API, then we should delete this API entirely, and keep only the other one. |
mpguerra
removed
the
A-blockchain-scanner
Motivation
PR #8079 adds support for opening the database in a read-only mode. However, the writing functionality still remains accessible in the API of the returned database. We should make it inaccessible for read-only databases. Note that this is not a security issue since attempting to write to a read-only database fails or panics, and the writes are not remotely triggerable.
Possible Solutions
One possible solution is having a type that implements all the read methods, but only implements the two write methods:
write(batch)andspawn_format_change()when it is a read-write database. This can be implemented using a generic parameter that allows writing.One possible implementation is adding an
IsWriteablegeneric to the database andTypedColumnFamily, and only implementingTypedColumnFamily::for_writing()when the generic isReadWriteDatabase.After PR #8112, this should be implemented on
TypedColumnFamilyandWriteTypedBatch.For example, the second generic parameter here is required to be
DBWithThreadModeInner, we could do something similar with aReadWriteDatabaseunit struct:https://docs.rs/rocksdb/latest/rocksdb/struct.DBCommon.html#impl-DBCommon%3CT,+DBWithThreadModeInner%3E
And here are the methods that work regardless of the generic type (for us that would be read methods):
https://docs.rs/rocksdb/latest/rocksdb/struct.DBCommon.html#impl-DBCommon%3CT,+D%3E
Credit to Teor for outlining the solutions.
Documentation
Document that secondary/read-only instances only read data that is in the database when it is opened. A specific method needs to be called to make secondary instances get more data:
https://github.com/facebook/rocksdb/wiki/Read-only-and-Secondary-instances
Document that the supported way to get read-only access to the state from a separate process is RPCs, and within the same process is cloning a
ReadStateService. This is because we have a non-finalized state containing blocks not in the database.The text was updated successfully, but these errors were encountered: