[ https://issues.apache.org/jira/browse/SOLR-15864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17498937#comment-17498937 ]
Jason Gerlowski commented on SOLR-15864: ---------------------------------------- bq. mark all uploaded objects as immutable for a defined period of time. You didn't mention it by name in your description, but it sounds like you've got [S3 Object Lock|https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html] in mind here? Or were you thinking of something else? [~michael-newsrx] > Add option for Immutable backups to S3 for Ransonware and Deleteware > mitigation > ------------------------------------------------------------------------------- > > Key: SOLR-15864 > URL: https://issues.apache.org/jira/browse/SOLR-15864 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Reporter: Michael Joyner > Priority: Major > > It would be an extremely useful feature to add to the S3 backup repository > (and possibly others, if supported) an option to be able to mark all uploaded > objects as immutable for a defined period of time. > If an file in the current backup already exists in the repository, simply > extend its immutable until time. > While I'm thinking of basic Ransomware and Deleteware mitigation, this also > could be used for Compliance mode. > Currently I'm backing up to a bucket with automatic locking, but this doesn't > handle the situation where an already existing uploaded index file immutable > until time ends earlier - leaving a timestamp gap and eventual immutable > state no longer being active on some index files as compared to others for a > particular backup opening up an avenue for attack. -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org