Zooko O'Whielacronx wrote:
> On Thu, Dec 3, 2009 at 10:43 PM, David-Sarah Hopwood
> <[email protected]> wrote:
>>> durability: this issue could lead to the unintended loss of data
>>
>> I changed this to "dataloss", since durability will mean something
>> different to database folks.
>
> I don't know -- I actually think "durability" means the same thing to
> us and to database folks.

I'm a database folk (well, as far as being interested in the theory), and "durability" doesn't mean the same thing as "no data loss" to me :-)

Suppose we have a transactional database, with some security flaw that allows the attacker to submit unauthorized transactions that delete data. Each transaction -- by a legitimate user or by the attacker -- has the Durability property, i.e. if it commits then it has a persistent effect on the database (roughly speaking; see below for a more precise definition). So the database as a whole can have the ACID properties despite this security flaw. OTOH, the security flaw can certainly result in data loss.

Alternatively, consider the following definitions:

An Atomic operation is called a transaction. The observable effects of a transaction occur in a single event -- the transaction's commit event. (Depending on the transaction's Isolation level, all of its reads may also appear to happen in that event.)

Operations that are not Atomic can be modelled as consisting of multiple events that can each cause observable effects.

A class of operations is Durable iff for any *successful* operation of that class, there exists some observable completion event that happens after all other events of the operation, such that all events that happen after the completion event observe the expected side effects of the operation. (For a transaction, the completion event is the commit event.)

In other words, the effects of a Durable operation are persistent once it has completed (which doesn't imply that they can't be undone by subsequent operations).

Given these definitions, note that for a non-Atomic operation, saying that it is Durable is not saying very much, because if it didn't have a completion event, we wouldn't consider it to be successful. So (I claim) it doesn't really make sense to talk about Durability in a system that doesn't ensure Atomicity. (Indeed none of the ACID properties are completely orthogonal to the others.)

> In any case our keywords are phrased in the positive, so it would have
> to be something like "data-preservation". :-)

That's a good point. Perhaps something like "longevity"?

-- 
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
_______________________________________________
tahoe-dev mailing list
[email protected]
http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
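The distinction drawn in the message above, as an added example that is not part of the original post: a committed unauthorized delete is Durable in the sense defined there, yet it is still data loss. SQLite, the `records` table, and the missing authorization check are assumptions chosen for illustration.

```python
import os
import sqlite3
import tempfile


def open_db(path):
    # isolation_level=None gives autocommit mode, so BEGIN/COMMIT are explicit.
    return sqlite3.connect(path, isolation_level=None)


def count_rows(path):
    # A fresh connection models "events that happen after the completion event".
    conn = open_db(path)
    try:
        return conn.execute("SELECT COUNT(*) FROM records").fetchone()[0]
    finally:
        conn.close()


def run_demo():
    results = {}
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "demo.db")

        # Legitimate user: one transaction storing three constructed rows.
        conn = open_db(path)
        conn.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, data TEXT)")
        conn.execute("BEGIN")
        conn.executemany("INSERT INTO records (data) VALUES (?)",
                         [("a",), ("b",), ("c",)])
        conn.execute("COMMIT")
        conn.close()
        results["after_legit_commit"] = count_rows(path)

        # Unsuccessful operation: no commit event, so no persistent effect.
        conn = open_db(path)
        conn.execute("BEGIN")
        conn.execute("DELETE FROM records WHERE data = 'a'")
        conn.execute("ROLLBACK")
        conn.close()
        results["after_rollback"] = count_rows(path)

        # Modelled flaw: nothing checks who submits this transaction.
        # It commits, so it is Durable, and the data is gone.
        conn = open_db(path)
        conn.execute("BEGIN")
        conn.execute("DELETE FROM records")
        conn.execute("COMMIT")
        conn.close()
        results["after_unauthorized_commit"] = count_rows(path)
    return results
```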
