Protect database from corruption

Since FoundationDB is essentially a one large key value store there is a huge risk of misconfiguration or just human error during building our own layers.

One of the most risky operations is range clear. Are there any best practices to avoid wiping all data (imagine just forgetting to pack prefix!). Right now i am building a library for nodejs for easier layer implementations and one of the goals is to provide safe way to do experiments. Until today we just didn’t have clearRange at all and it worked fine since other way of corrupting data is much more complicated (writing data to wrong keys is not that easy).

Does anyone have other ideas?

Is it possible to just have the basic abstractions that mediate all operations discourage this?


  • Something wrapping a transaction.
  • Something wrapping a subspace and pointing to the above.

(The record layer calls these “context” and “store,” respectively.)

Nothing prevents you from clearing the whole database, but you have to “open the whole database” first. If you just open a smaller database, then that’s the widest you can go. Which doesn’t eliminate problems within that subspace, but does avoid “wiping all data.”

See #1419 for why this is a hard feature to offer, as well.