diff options
author | Thien-Thi Nguyen <ttn@gnuvola.org> | 2022-01-06 15:56:00 -0500 |
---|---|---|
committer | Thien-Thi Nguyen <ttn@gnuvola.org> | 2022-01-06 15:56:00 -0500 |
commit | b6b96eebb81ff3daecced9b43218ba8eb3268cce (patch) | |
tree | 1dec1e935b8d49b9453392bef26e7e59f4d847bb /design-documents/011-auditor-db-sync.rst | |
parent | 9fce45f796ef8e92fc5731d1a897dd337a6f921b (diff) | |
download | docs-b6b96eebb81ff3daecced9b43218ba8eb3268cce.tar.gz docs-b6b96eebb81ff3daecced9b43218ba8eb3268cce.tar.bz2 docs-b6b96eebb81ff3daecced9b43218ba8eb3268cce.zip |
s/Postgres/PostgreSQL/g
Diffstat (limited to 'design-documents/011-auditor-db-sync.rst')
-rw-r--r-- | design-documents/011-auditor-db-sync.rst | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/design-documents/011-auditor-db-sync.rst b/design-documents/011-auditor-db-sync.rst index f8229b63..d49503d2 100644 --- a/design-documents/011-auditor-db-sync.rst +++ b/design-documents/011-auditor-db-sync.rst @@ -89,9 +89,9 @@ Proposed Solution * The auditor's "ingress" database should be well isolated from the rest of the auditor's system and database (different user accounts). The reason is that we should not - assume that the Postgres replication code is battle-tested with + assume that the PostgreSQL replication code is battle-tested with malicious parties in mind. -* The canonical Postgres synchronization between exchange and the +* The canonical PostgreSQL synchronization between exchange and the auditor's "ingress" database must use transport security. The above solution does not gracefully handle mutable tables on which @@ -148,10 +148,10 @@ A good order for replicating the tables should be: Alternatives ============ -* Copy the Postgres WAL, filter it for "illegal" operations +* Copy the PostgreSQL WAL, filter it for "illegal" operations and then apply it at the auditor end. Disadvantages: WAL filtering is not a common operation (format documented?), - this would be highly Postgres-specific, and would require + this would be highly PostgreSQL-specific, and would require complex work to write the filter. Also unsure how one could later recover gracefully from transient errors (say where the exchange recified a bogus DELETE). |