couple quick questions about dovetail
1 view
Skip to first unread message
jdwoody
Apr 14, 2009, 10:57:02 AM4/14/09
to dovetaildb-discuss
I looked over the website, but was wondering what kind of support
there was (either existing or expected for 1.0) for replication and
sandboxing.
Thanks!
psch...@gmail.com
Apr 14, 2009, 1:55:25 PM4/14/09
to dovetaildb-discuss
Both replication and sharding capabilities are planned for 0.4.0, but
neither exists presently. If you wanted to, you could roll your own
by implementing update hooks that write to a "transaction log" bag and
then have an external process read these and replay them into another
DovetailDB instance. Pretty wasteful, but should work.
As for sandboxing, you're interested in how to protect queries in one
database from affecting others, yes? Two areas of concern there: (1)
whether there might be loopholes that would allow a query / update
operation / function to escape the database to which it was applied
and (2) whether expensive or runaway operations could impair other
databases in the same instance. As for (1), it's my intent that the
system should prevent this from happening -- that said, the product is
very young, and I would not be terribly surprised if you could find
ways to subvert the protections. (2) is even trickier; there is an
(unadvertised) property "dovetaildb.js_timeout" (expressed in seconds)
which will forcibly terminate javascript functions, but it will not
terminate a query or update early. Someone with knowledge of your
data and the system can figure out how to fashion expensive queries
(in memory, processing time, or both).
Improvements on both fronts (1) and (2) are in the works; at this
point in the game, though, my recommendation is to run multiple
DovetailDB instances, each running as distinct, unprivileged users
whenever sandboxing is an important concern.
Cheers!
neither exists presently. If you wanted to, you could roll your own
by implementing update hooks that write to a "transaction log" bag and
then have an external process read these and replay them into another
DovetailDB instance. Pretty wasteful, but should work.
As for sandboxing, you're interested in how to protect queries in one
database from affecting others, yes? Two areas of concern there: (1)
whether there might be loopholes that would allow a query / update
operation / function to escape the database to which it was applied
and (2) whether expensive or runaway operations could impair other
databases in the same instance. As for (1), it's my intent that the
system should prevent this from happening -- that said, the product is
very young, and I would not be terribly surprised if you could find
ways to subvert the protections. (2) is even trickier; there is an
(unadvertised) property "dovetaildb.js_timeout" (expressed in seconds)
which will forcibly terminate javascript functions, but it will not
terminate a query or update early. Someone with knowledge of your
data and the system can figure out how to fashion expensive queries
(in memory, processing time, or both).
Improvements on both fronts (1) and (2) are in the works; at this
point in the game, though, my recommendation is to run multiple
DovetailDB instances, each running as distinct, unprivileged users
whenever sandboxing is an important concern.
Cheers!
jdwoody
Apr 14, 2009, 4:59:26 PM4/14/09
to dovetaildb-discuss
Thanks for the quick reply! I guess for sandboxing I was more
interested in using replication to duplicate an entire DB (or a
subset) so we could have multiple separate databases for developers to
use. I'll definitely be watching to see how the replication works
out.
psch...@gmail.com
Apr 16, 2009, 12:50:16 AM4/16/09
to dovetaildb-discuss
Ah, I see. So is the sandboxing intended to allow developers to make
local modifications without impacting others? If so, I'm afraid the
replication that I'm working on won't help you -- it's going to
require that every replica stays synchronized with the others (it's a
peer-to-peer, master-less replication -- good for high availability,
but bad for your use case).
If the developers can live with read-only replicas, you'd be okay.
But I suspect you want write access, in which case, you might be stuck
with having to roll your own replication mechanism :(
local modifications without impacting others? If so, I'm afraid the
replication that I'm working on won't help you -- it's going to
require that every replica stays synchronized with the others (it's a
peer-to-peer, master-less replication -- good for high availability,
but bad for your use case).
If the developers can live with read-only replicas, you'd be okay.
But I suspect you want write access, in which case, you might be stuck
with having to roll your own replication mechanism :(
Reply all
Reply to author
Forward
0 new messages