Ideas

ESDB currently supports only RSA keys in certificates when specifying --certificate-private-key-file. The advantage of using EC keys would be that the key is much smaller for the same security level (EC takes 256 bit vs RSA 2048 bit for same secur...

Crypto-assurance provides guarantees against mutations, truncation, and reordering. Although ESDB doesn't provide nativa mutation and reordering capability, data on disk can be tampered to change the content of events. ESDB supports truncation wit...

ESDB is primarily configured using the config file, which is located on each cluster node. Some features (projections, connectors) are configured in the database itself. It can be confusing to understand where things are configured and why some co...

Currently, reads and subscriptions to $all require admin access, which isn't good for security. Supporting auth for $all will have performance impact when ACLs are used, but in combination with policies it could be fast enoguh because policies, un...

ESDB has access control lists (ACLs) as the primary method to achieve granular (per stream) authorisation. However, ACLs need to be set up per stream, which is a burden for developers. Also, if the auth rules change, all the streams need to get th...

Allow having multiple logs (databases) physically separated from each other. That would include different set of users, authorisation rules, etc. It would enable: deleting a specific database instead of cleaning up the whole cluster separate data ...

Changing the database configuration currently requires access to the machine where the cluster node is running. In many cases, it creates too much burden because there are more people who have access to the database compared with the number of peo...