This topic outlines the data tamper-proofing principles within Simple Log Service.
Simple Log Service uses an append-only pattern for data storage to ensure tamper-proofing. The process is as follows:
Users send data to the Simple Log Service gateway using the SDK or Logtail.
The gateway performs signature verification and permission authentication. Authenticated data is forwarded to the backend worker.
The backend worker writes the data to the Apsara Distributed File System in an append-only manner for data persistence. This process includes several key features:
Files for each logstore are separated to prevent cross-interference.
Raw data remains unchanged until deleted after time-to-live (TTL) expiration.
The distributed file system is append-only and does not permit file modifications.
Logstore encryption can be activated, allowing data to be stored in ciphertext within the distributed file system.
Data is stored with multiple replicas and verified by cyclic redundancy check (CRC), preventing direct manipulation.
After confirming data persistence, the worker reports success to the gateway, which then notifies the user.
