What is database authentication, authorization, encryption, audit logging? (ft. CockroachDB)

What is database authentication, authorization, encryption, audit logging? (ft. CockroachDB)


For the past few months, I have been working
on the Security docs for CockroachDB and learned a lot of interesting things. Here’s what I have learned. CockroachDB provides authentication, encryption,
authorization, and audit logging features to deploy secure clusters. Let’s consider an analogy to understand
these terms: Imagine that you work at an office that is
located in an office building with a security system in place. On the first day at the job, you were given
an ID card with identifying information about you like your photograph, your name, and
the name of the company you work for And it was signed by the security officer who’s
in charge of the security of the entire office building Now every time you enter the building, you
present the ID card to the security guard at the entrance. The security guard doesn’t know you, and
so has no reason to trust you and let you in. They also might not personally know the security
officer who signed your card, so they can’t trust the signature either. However, they have the security officer’s
signature stored in a system that they do trust. They check the signature on your card against
the signature in their system and find that the signatures match. Now they trust that the information on your
ID card is valid. So they let you enter the building. This is “authentication” – your signed
ID card serves as a way to “authenticate” your identity. Once you enter the building, you realize that
the building has offices of many other companies. Each company has their own access systems,
and you have access only to your office. So even though you have able to enter the
building, you are authorized to access only a part of it. This is “authorization”, or “access
control”. Now suppose that you are in the lobby with
a coworker, discussing a confidential issue, When another person walks in. You don’t want to stop your conversation,
but you also don’t want this other person to know what you’re talking about. Thankfully, both you and your coworker have
a pre-established code language that only the two of you know about. You continue the conversation in the code
language, and have an uninterrupted discussion while also maintaining the confidentiality
of the matter. This is “encryption” – a secured communication
using a code or encryption system that only the communicating parties know about. Finally, the security person maintains a “log”
of employees and visitors entering and leaving the building. In case something goes wrong, they can track
down who was in the building at what time. This is Audit Logging. In the next video, we will apply these concepts
to a CockroachDB cluster. Thanks for watching!

Danny Hutson

2 thoughts on “What is database authentication, authorization, encryption, audit logging? (ft. CockroachDB)

Leave a Reply

Your email address will not be published. Required fields are marked *