Hacker News new | past | comments | ask | show | jobs | submit login

What do you do about database back ups? Do you not back up those tables or do you wipe out the backups after a couple of days?



Ya, that's a great question. We've thought a lot about backups. We delete secrets immediately after they're viewed which presents an interesting problem with regards to keeping backups.

We're probably going to take a route similar to Wikipedia, where we don't intend to be the primary repository of information. During the beta, we'll keep backups for a limited time (the past few hours) but that's it. In other words, we'd rather lose an hour of two of data than expose secrets to 3rd parties. We'll consider other options when we fully launch.

Note: this only applies to secrets data. Customer and related data is backed up as you'd expect.


Depending on what database you use you can do partial replication (only tables that aren't secrets) to a slave and then backup the slave. We use MySQL and that is possible. Also if you combine that with a high rotation rate on your binlogs (again mysql) and wipe out the older logs you can effectively have a slave with all of the "permanent" data and then only two hours of binlogs of everything. So in case of disaster you copy the slave back and then replay the binlogs you kept (a couple hours) for secrets and you are back where you started. But since you never replicated the secrets or kept more than 2 hours of binlogs you have no way of recovering the secrets outside of that window.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: