问题
I'm currently having 2 organizations inside my Hyperledger Fabric, and I'm accessing both of the organizations using generated API by composer-rest-server.
According to my understanding, Hyperledger Fabric keeps its states inside couchdb and keeping its ledger in every organizations thus providing integrity.
The problem is let's say, when I try to change some sort of data directly in couchdbusing cURL method on org2, it shows lack of data integrity. for example :
This Data
"_id":"\u0000Asset:org.hospital.record.DataMedis\u0000001\u0000","_rev":"2-e590415fbc6092dc3ddc0b5271bab524","$class":"org.hospital.record.DataMedis","$registryId":"org.hospital.record.DataMedis","$registryType":"Asset","alasanMasuk":"string","alasanPulang":"string","anamnesis":"string","diagnosaPrimer":"DBD Tingkat I","diagnosaSekunder":"string","dokter":"resource:org.hospital.record.Dokter#001","idRekMedis":"001","kondisiSaatPulang":"string","noRekMedis":"000001","pasien":"resource:org.hospital.record.Pasien#001","pemeriksaanFisik":"string","prognosaPenyakit":"string","rencanaTindakLanjut":"string","riwayatAlergi":"string","rujukan":"string","terapiDiRs":"string","tglKeluar":"string","tglMasuk":"string","tindakan":"string","~version":"\u0000CgMBDQA="
Changing the diagnosis into this Data
"_id":"\u0000Asset:org.hospital.record.DataMedis\u0000001\u0000","_rev":"2-e590415fbc6092dc3ddc0b5271bab524","$class":"org.hospital.record.DataMedis","$registryId":"org.hospital.record.DataMedis","$registryType":"Asset","alasanMasuk":"string","alasanPulang":"string","anamnesis":"string","diagnosaPrimer":"Influenza","diagnosaSekunder":"string","dokter":"resource:org.hospital.record.Dokter#001","idRekMedis":"001","kondisiSaatPulang":"string","noRekMedis":"000001","pasien":"resource:org.hospital.record.Pasien#001","pemeriksaanFisik":"string","prognosaPenyakit":"string","rencanaTindakLanjut":"string","riwayatAlergi":"string","rujukan":"string","terapiDiRs":"string","tglKeluar":"string","tglMasuk":"string","tindakan":"string","~version":"\u0000CgMBDQA="
The result is the data between org1 and org2 isn't identical anymore. Here's the result using GET method from the composer-rest-server API:
Is there any way I can maintain its data integrity when someone attacking directly to my couchdb? or is there any configuration should I make to composer-rest-server?
I really appreciate any help you can provide.
回答1:
The state database is not the source of truth; the actual ledger is. The state database is really a persistent cache for the last known value of each key.
As alluded to by @risabh, endorsement policies are used to determine updates to state. So the next time there is a transaction which changes that state, as long as the endorsement policy is satisfied the "modified" key's latest value will be overwritten by the new value.
回答2:
Cant comment so adding here.
When you would try to add data for the same key again trough an invoke txn there would be an endorsement failure message from the peer for which the data is changed.This shows there is a miss match in read write set and the data is tampered.
来源:https://stackoverflow.com/questions/56759271/how-to-ensure-data-integrity-in-hyperledger-fabric-when-someone-intentionally-ch