ethereum, solidity, smartcontracts

Best practice for protecting sensitive information in Solidity?


I have a field in my contract. It's something like this:

    contract MyContract {
        string private secretField;

        function getSecretField() public view returns (string memory) {
            // ... some controls here ...
            return secretField;
        }
    }

I want to reach that secretField from my backend server and protect it from any other requester. What is the best practice for this?


Solution

  • If it's on a public blockchain (mainnet, ropsten testnet, ...), it's always going to be accessible by querying the storage slot containing the secretField value from an off-chain app. The Solidity private visibility modifier doesn't matter, because the storage query is performed on a lower layer.

    Example: If secretField is the first property of the first defined contract (on this address), its value is stored in storage slot 0.


    But if you only want to hide it from on-chain requesters, you can keep the property private and require the getter to be accessed only from a certain address.

    // removed `view` because it's going to interact with the transaction data
    function getSecretField() public returns (string memory) {
        // reverts if the sender address is not 0x123
        require(msg.sender == address(0x123));
    
        return secretField;
    }
    

    Note that your backend app is going to have to send a transaction from the 0x123 address in order to access the data. A simple call won't return anything because getSecretField() is not a view function anymore.
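
The storage-slot point in the answer above, as an added example that is not part of the original post: a Python decoder for the raw 32-byte word that an `eth_getStorageAt` JSON-RPC query returns for a `string` held in slot 0, following Solidity's documented storage layout. The sample word is constructed locally (the value "hunter2" and all function names are assumptions), and for strings of 32 bytes or more the caller supplies the data words stored consecutively from keccak256(slot index).

```python
WORD = 32  # a storage slot is 32 bytes


def words_needed(slot_word: bytes) -> int:
    """Number of extra data words a long string occupies (0 for short strings)."""
    value = int.from_bytes(slot_word, "big")
    if value & 1 == 0:          # lowest bit clear: short layout, data is inline
        return 0
    length = (value - 1) // 2   # long layout stores length * 2 + 1
    return -(-length // WORD)   # ceiling division


def decode_string(slot_word: bytes, data_words=()) -> str:
    """Decode a `string` from its slot word plus, for long strings, the data
    words stored consecutively from keccak256(slot index)."""
    if len(slot_word) != WORD:
        raise ValueError("storage word must be 32 bytes")
    value = int.from_bytes(slot_word, "big")
    if value & 1 == 0:
        length = slot_word[-1] // 2          # short: last byte holds length * 2
        if length > 31:
            raise ValueError("corrupt short-string encoding")
        return slot_word[:length].decode("utf-8")
    length = (value - 1) // 2
    if len(data_words) != words_needed(slot_word):
        raise ValueError("wrong number of data words supplied")
    return b"".join(data_words)[:length].decode("utf-8")


def encode_short(text: str) -> bytes:
    """Build the slot word Solidity stores for a string of at most 31 bytes
    (used here only to construct sample input)."""
    raw = text.encode("utf-8")
    if len(raw) > 31:
        raise ValueError("short layout holds at most 31 bytes")
    return raw.ljust(31, b"\0") + bytes([len(raw) * 2])


# Constructed sample: what slot 0 would hold if secretField were "hunter2".
SAMPLE_SLOT0 = encode_short("hunter2")

if __name__ == "__main__":
    print(decode_string(SAMPLE_SLOT0))
```

Running the same decoder against your own deployed contract's slot is a quick audit check for values that were assumed to be hidden by `private`.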