EventStoreDB Ideas Portal

Ideas for improvements and new features in EventStoreDB, client libraries, and database extensions.

Security

Showing 7 of 55

Support certificates with EC (elliptic curve) keys

ESDB currently supports only RSA keys in certificates when specifying --certificate-private-key-file. The advantage of using EC keys would be that the key is much smaller for the same security level (EC takes 256 bit vs RSA 2048 bit for same secur...
Alexey Zimarev 8 months ago in EventStoreDB / Configuration / Operations / Security 1

Crypto-assurance for audit

Crypto-assurance provides guarantees against mutations, truncation, and reordering. Although ESDB doesn't provide native mutation and reordering capability, data on disk can be tampered with to change the content of events. ESDB supports truncation wit...
Alexey Zimarev 9 months ago in EventStoreDB / Compliance / Security 0

Support authorisation when reading from $all

Currently, reads and subscriptions to $all require admin access, which isn't good for security. Supporting auth for $all will have a performance impact when ACLs are used, but in combination with policies it could be fast enough because policies, un...
Alexey Zimarev 9 months ago in EventStoreDB / Dev experience / Security 0 Planned

Stream authorisation policies

ESDB has access control lists (ACLs) as the primary method to achieve granular (per stream) authorisation. However, ACLs need to be set up per stream, which is a burden for developers. Also, if the auth rules change, all the streams need to get th...
Alexey Zimarev 10 months ago in EventStoreDB / Dev experience / Security 0 Planned

Kerberos Authentication

No description provided
Alexey Zimarev 10 months ago in EventStoreDB / Security 0

Encryption At Rest

Encryption at rest is a feature that won't be immensely popular, but those who need it won't be able to use ESDB without it. Some certifications like HIPAA require encryption at rest. Encrypting data directly in the database is different compared ...
Alexey Zimarev 10 months ago in EventStoreDB / Compliance / Security 0 Planned

Multiple databases

Allow having multiple logs (databases) physically separated from each other. That would include a different set of users, authorisation rules, etc. It would enable: deleting a specific database instead of cleaning up the whole cluster; separate data ...
Alexey Zimarev 10 months ago in EventStoreDB / Dev experience / Operations / Security 0 Planned