diff options
Diffstat (limited to 'design-documents')
| -rw-r--r-- | design-documents/011-auditor-db-sync.rst | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/design-documents/011-auditor-db-sync.rst b/design-documents/011-auditor-db-sync.rst index aba7b503..34432985 100644 --- a/design-documents/011-auditor-db-sync.rst +++ b/design-documents/011-auditor-db-sync.rst @@ -78,7 +78,7 @@ Proposed Solution tables from other data *if* we need to recover from backup. * On schema migration, halt exchange, once auditor DB has synchronized, update all DB schema (the "ingress" DB schema - may be update automatically when the exchange DB schema is + may be updated automatically when the exchange DB schema is migrated, but the "trusted" DB of the auditor must most likely be manually migrated), then finally resume "ingress" to "trusted" helper-based DB synchronization and restart the exchange. @@ -159,7 +159,7 @@ Drawbacks is the answer, to be investigated what performs better. * A malicious exchange could theoretically send expensive transactions to the auditor via the replication mechanism (possibly ones that - it did not even execute locally itself) to DoS the "ingres" + it did not even execute locally itself) to DoS the "ingress" database. This would be noticed primarily by load monitoring or even the auditor lagging unusually far behind the exchange's transaction history. We believe this is acceptable, |