Closed ghost closed 4 years ago
@andrei-lihu nice for understanding, but we can’t work at linux level, we probably need to use some 3rd party Go library which also supports Windows.
@andrei-lihu Badger is already creating a lock:
The top-level object in Badger is a DB. It represents multiple files on disk in specific directories, which contain the data for a single database. Please note that Badger obtains a lock on the directories so multiple processes cannot open the same database at the same time.
None of the following is preventing db files to be edited:
I've tested with all 3 and each time i was able to edit files in the db folder even if immudb
is running.
File locking mechanisms, like flock
on *nix systems, are probably not suited for the task at hand (i.e. preventing anyone to change a db file) as they are “cooperative measures”:
“Note that [flock] is a cooperative measure, so other processes will need to use the same system otherwise there will be nothing to stop them doing what they like with the file.”
https://stackoverflow.com/questions/29564267/locking-a-file-for-both-read-and-write
Anyway, even if it worked as imagined (it doesn't as it's a cooperative mechanism, as described in the link at the previous comment), file/directory locking would not be a good solution since once the process is stopped, the lock is removed. After more research i found out that Badger already supports encryption - see section Enabling Encryption on an Existing Datastore in this article from March 2020: https://dgraph.io/blog/post/encryption-at-rest-dgraph-badger/
This is how Go code to enable encryption looks:
opts := badger.DefaultOptions("/tmp/badger").
WithEncryptionKey(masterKey).
WithEncryptionKeyRotationDuration(dataKeyRotationDuration) # defaults to 10 days
To summarize:
.root
file against checks can be made), we can encrypt the data as described aboveAs discussed, this issue will be parked for now. The attempted implementation will still be kept in this feature branch: https://github.com/codenotary/immudb/tree/feat/db-files-tampering-detection
It should not be possible to edit the DB files. We need a lock on them.
We also need a security mechanism to detect that data is not lost. Check with mmap. Also be aware of NFS.