Server

Production-ready TCP server with security, clustering, and monitoring.

Security

  • Authentication -- SCRAM-SHA-256 (salted challenge-response). No plaintext passwords on the wire.
  • TLS/SSL -- Certificate-based encryption for all traffic.
  • RBAC -- Three roles:
    • Admin -- Full access to all commands including user management
    • ReadWrite -- CRUD, indexes, transactions, blobs, search, procedures
    • Read -- Queries, counts, aggregations, list operations only
  • Audit logging -- Every operation logged with timestamp and user context. GELF format for centralized logging.

Wire Protocol

OxiWire is OxiDB's custom binary protocol. Fixed-size encoding (1-byte type tags, 4-byte LE lengths, 8-byte LE numbers). Faster than JSON and MsgPack for both serialization and deserialization.

Clients can also use plain JSON over the same TCP connection.

Clustering (Raft)

Multi-node replication via Raft consensus. State machine replication with persistent log. Enable with the cluster feature flag.

Configuration

Environment VariableDefaultDescription
OXIDB_ADDR127.0.0.1:4444Bind address
OXIDB_DATA./oxidb_dataData directory
OXIDB_POOL_SIZE4Worker thread count
OXIDB_IDLE_TIMEOUT30Connection timeout (seconds, 0 = never)