How to ensure data integrity in Hyperledger Fabric when someone intentionally changes data in couchdb directly

六眼飞鱼酱① 提交于 2021-01-07 07:38:59

问题


I'm currently having 2 organizations inside my Hyperledger Fabric, and I'm accessing both of the organizations using generated API by composer-rest-server.

According to my understanding, Hyperledger Fabric keeps its states inside couchdb and keeping its ledger in every organizations thus providing integrity.

The problem is let's say, when I try to change some sort of data directly in couchdbusing cURL method on org2, it shows lack of data integrity. for example :

This Data

"_id":"\u0000Asset:org.hospital.record.DataMedis\u0000001\u0000","_rev":"2-e590415fbc6092dc3ddc0b5271bab524","$class":"org.hospital.record.DataMedis","$registryId":"org.hospital.record.DataMedis","$registryType":"Asset","alasanMasuk":"string","alasanPulang":"string","anamnesis":"string","diagnosaPrimer":"DBD Tingkat I","diagnosaSekunder":"string","dokter":"resource:org.hospital.record.Dokter#001","idRekMedis":"001","kondisiSaatPulang":"string","noRekMedis":"000001","pasien":"resource:org.hospital.record.Pasien#001","pemeriksaanFisik":"string","prognosaPenyakit":"string","rencanaTindakLanjut":"string","riwayatAlergi":"string","rujukan":"string","terapiDiRs":"string","tglKeluar":"string","tglMasuk":"string","tindakan":"string","~version":"\u0000CgMBDQA="

Changing the diagnosis into this Data

"_id":"\u0000Asset:org.hospital.record.DataMedis\u0000001\u0000","_rev":"2-e590415fbc6092dc3ddc0b5271bab524","$class":"org.hospital.record.DataMedis","$registryId":"org.hospital.record.DataMedis","$registryType":"Asset","alasanMasuk":"string","alasanPulang":"string","anamnesis":"string","diagnosaPrimer":"Influenza","diagnosaSekunder":"string","dokter":"resource:org.hospital.record.Dokter#001","idRekMedis":"001","kondisiSaatPulang":"string","noRekMedis":"000001","pasien":"resource:org.hospital.record.Pasien#001","pemeriksaanFisik":"string","prognosaPenyakit":"string","rencanaTindakLanjut":"string","riwayatAlergi":"string","rujukan":"string","terapiDiRs":"string","tglKeluar":"string","tglMasuk":"string","tindakan":"string","~version":"\u0000CgMBDQA="

The result is the data between org1 and org2 isn't identical anymore. Here's the result using GET method from the composer-rest-server API:

Is there any way I can maintain its data integrity when someone attacking directly to my couchdb? or is there any configuration should I make to composer-rest-server?

I really appreciate any help you can provide.


回答1:


The state database is not the source of truth; the actual ledger is. The state database is really a persistent cache for the last known value of each key.

As alluded to by @risabh, endorsement policies are used to determine updates to state. So the next time there is a transaction which changes that state, as long as the endorsement policy is satisfied the "modified" key's latest value will be overwritten by the new value.




回答2:


Cant comment so adding here.

When you would try to add data for the same key again trough an invoke txn there would be an endorsement failure message from the peer for which the data is changed.This shows there is a miss match in read write set and the data is tampered.



来源:https://stackoverflow.com/questions/56759271/how-to-ensure-data-integrity-in-hyperledger-fabric-when-someone-intentionally-ch

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!