Immutability and tamper-evident?
Hey! Are there any plans to expand the scope of Neon into the immutability/ledger db space? We have solutions such as ImmuDB, Dolt SQL, XTDB, SQL Server 2022 Ledger and so on which provides cryptographically verifiable tamper-proofing of data (i.e., you cannot change data in the database without traces). Does Neon see this as something within its scope?
4 Replies
xenial-black•16mo ago
@andreasb are there Postgres extensions that enable this? If so those will likely work on Neon. If the extension is not already supported, let us know and we can look into it
eastern-cyanOP•15mo ago
@andyhats Unfortunately, not that I'm aware of. The closest would be one of the temporal table extensions, but they are not immutable (or provide tamper-evidence) by themselves. They do however give the important historical context of values which has changed in the database.
Not sure if this is an interesting note @andyhats , but XTDB (an immutable SQL database) is building out their v2.x to have Postgres compatibility (alpha/beta docs): https://pr-3496.d2zcybuz6k9g4m.amplifyapp.com/drivers/postgres/getting-started.html
They're also looking for design partners, in case Neon would be interested in such (see bottom of their frontpage): https://xtdb.com/
xenial-black•15mo ago
will pass it along! BTW I also heard about pgaudit in the meantime https://www.pgaudit.org/
it's a postgres extension that's not compatible with Neon at the moment, because it needs full access to logs, but interesting nonentheless
eastern-cyanOP•15mo ago
Thanks, @andyhats ! Yes, pgaudit is also very interesting. Main "issue" is that the tables to which the audit logs are inserted are likely easily mutable too (e.g., triggers denying UPDATE statements can always be turned off if an attacker is able to get sysadmin access).