Immutability & tamper-proofing?
Hey! Are there any plans to expand the scope of Xata into the immutability/ledger db space? We have solutions such as ImmuDB, Dolt SQL, XTDB, SQL Server 2022 Ledger and so on which provides cryptographically verifiable tamper-proofing of data (i.e., you cannot change data in the database without traces). Does Xata see this as something within its scope?
5 Replies
Hi, plugins such as pgaudit can be enabled on dedicated clusters (https://xata.io/blog/postgresql-dedicated-clusters-beta).
Role-based access control / fine-grained privilege scheme is one of our priority features which we anticipate to have available before the end of this year. Further enhancements for tamper-proofing may certainly be considered in future iterations.
I see that you've already added an enhancement request https://feedback.xata.io/feature-requests/p/immutability-and-tamper-proofing which helps us a lot with gauging interest.
Would you need "just" auditing at the moment, or is immutability and cryptographic coherence a requirement for your use case? It would help if you'd like to share some details about your project, such as: is it storing sensitive data, would you need some level of compliance in addition to immutability?
Immutability and tamper-proofing | Feature Requests | Xata
Provide some sort of tamper-proofing of data similar to SQL Server 2022 Ledger which stores an immutable history of all ledger-configured tables.
Thanks for the comprehensive answer, @kostas!
For our specific use case, having "just" auditing would maybe suffice, but as long as the audit log tables are mutable (or the triggers disabling updates can easily be turned off), we're back to square one. Having some replication like CDC is basically the same, as long as the target db is mutable the audit/replication cannot be trusted either. The main issue I see with using the audit log is that the database value is no longer the source of truth, but rather the contents of the audit log, so the verification/"reconciliation" of values and log entries can quickly become either a lot of manual work or require quite some engineering.
Our use case is that of a financial application where monetary values and certain amounts/counts are important to easily check if have been (maliciously) mutated/tampered with when they shouldn't have been. Would be the same with a previous health-related application I was contracted on, audit logs are fine but not if they cannot be trusted.
Another reason why this might be worth your while is the sunsetting of Amazon's QLDB (quantum ledger db) offering, leaving a lot of customers without a proper alternative. AWS' recommendation is Postgres with triggers, but that won't be enough for many cases (such as ours).
Thank you very much for the additional context. I see how just audit logs can be hard to process and not sufficient by themselves when the goal is to guarantee and track data integrity, both for the data and the audit logs themselves. Role-based access is a necessary step towards this direction for Xata, and once that is accomplished we might be able to look into adding more focused solutions on the immutability/cryptographic verification domain. Certainly an area for us to consider down the line.
Looking forward to hearing more about this when the timing is right, @kostas – thank you!
Not sure if this is an interesting note @kostas , but XTDB (an immutable SQL database) is building out their v2.x to have Postgres compatibility (alpha/beta docs): https://pr-3496.d2zcybuz6k9g4m.amplifyapp.com/drivers/postgres/getting-started.html
They're also looking for design partners, in case Xata would like to branch into database-as-a-value thinking (see bottom of their frontpage): https://xtdb.com/
Thank you for the hint @andreasb , I will discuss with our team to find out if such a partnership could fit into our roadmap