Hello, thank you, and a couple of questions about security
ksmith at basho.com
Thu May 6 07:20:05 EDT 2010
On May 6, 2010, at 6:22 AM, Paul R wrote:
> first, thank you for this nice piece of software, it really looks
> carefully designed and that means a lot when it comes to data storage.
> I'd have two questions regarding security :
> - does node communication is plain erlang node interprocesses
> communication as described in
> http://www.erlang.org/doc/reference_manual/distributed.html#id2280311 ?
> So what is the correct way to allow nodes to join the ring, and how
> to encrypt data transfert ? Do you consider that Riak should stay
> away from that, and for example, rely on a VPN ?
Riak nodes belonging to the same cluster do use distributed Erlang to communicate. We have no plans to encrypt this data as it would likely impact overall performance. If you really need to encrypt cluster traffic then a VPN would be appropriate. Could you describe your use case for encrypting cluster traffic?
> - do you plan to provide some kind of access control, at the
> bucket-level for example, with credentials or anything else ? Or do
> you consider that Riak should stay away from that, and rely on a http
> reverse proxy doing authentication and access control ?
We do not have any immediate plans to add security or authorization. Deploying reverse proxies for security is a very common pattern.
> riak-users mailing list
> riak-users at lists.basho.com
More information about the riak-users