Juan
Juan
Jul 20, 2017 · 1 min read

Good evening. I have some security questions and I would be happy if you could answer.
1) Are there any ways to somehow ‘hide’ contract abi from users of the DApp? I mean now I can easily watch app.js file of any DApp, get ABI of the contract and write my own DApp to interact with that contract. Or there is only one way — make modifiers like ‘only contract owner’?
2) Now I run testrpc node, deployed contract using ‘trufle migrate’ and default account[0] from the testrpc wallet list, in metamask I switched to my localhost:8545 node. In my app.js I removed the fallback to localhost:8545 provider, but somehow I still can call constant functions with ‘only contract owner’ (account[0]) using the metamask account. How can I prevent this? Here is the thing: I have some functions with ‘only contract owner’ modifiers, that return private data, that should be available only for the contract owner (i.e. account[0]).
Thanks in advance!

)
    Juan

    Written by

    Juan