path: root/taler-auditor-manual.rst
diff options
authorChristian Grothoff <>2020-06-19 12:13:11 +0200
committerChristian Grothoff <>2020-06-19 12:13:11 +0200
commit8a27f027a2ffe42b1ebb4c29aae1dccdcf362cf9 (patch)
tree5e974b749a42918856be9e2c902dd85c3a10b295 /taler-auditor-manual.rst
parent8b22295caa04e8126503ec74fa3564cf9ea13d89 (diff)
clarify CodeBlau op sec question
Diffstat (limited to 'taler-auditor-manual.rst')
1 files changed, 5 insertions, 1 deletions
diff --git a/taler-auditor-manual.rst b/taler-auditor-manual.rst
index 82b206e..f5cca27 100644
--- a/taler-auditor-manual.rst
+++ b/taler-auditor-manual.rst
@@ -59,7 +59,11 @@ to other parties.
To perform this duty, you will need at least (read-only) access to the bank
transactions of the exchange, as well as a continuously synchronized replica
-of the exchange's database.
+of the exchange's database. The general assumption for running the auditor
+is that this is done on a separate system controlled by the auditor. After
+all, the goal is to detect nerfarious activity of the exchange operator,
+which cannot be effectively done on a machine controlled by the exchange
For this, every auditor needs to operate a Postgres database. The data
collected will include sensitive information about Taler users, including