I have a server running in Germany and am currently evaluating the instance with our data security official (you may recall quite strict data privacy laws in the EU and in Germany in particular; see informational self-determination). We are concerned about the amount of data stored in the database, and would like to minimize this data…
Given that we don’t need an audit history, we think we have identified some non-essential records/fields, in particular:
- table
audits
becomes unnecessary -
*.deleteat
: records can be deleted if non-zero value, but needs to cascade:-
team.id
tochannels.teamid
-
channels.id
toposts.channelid
andchannelmembers.channelid
-
users.id
toposts.userid
,channels.creatorid
,channelmembers.userid
and (as part of direct messages?)channels.name
-
posts.filenames
references files on disk/AWS
-
-
sessions.deviceid
,sessions.props
might be superfluous anyway
(These are the obvious fields we’ve found at a first glance of the database structure, there may be more.)
Q1: Can I safely delete/truncate these fields or are there any internal checks (e.g. integrety checks) which will cause the application to panic when this information is missing?
Personally I would like to see an option which disables the audit log and enables a true deletion of things, but I can live with a cronjob which scrubs the database in regular intervals.
Q2: Would you welcome a pull-request for this, or do you think this is completely out of scope?
—Dominik