Hello, thank you, and a couple of questions about security
paul.r.ml at gmail.com
Thu May 6 08:00:07 EDT 2010
>> - does node communication is plain erlang node interprocesses
>> communication as described in
>> http://www.erlang.org/doc/reference_manual/distributed.html#id2280311 ?
>> So what is the correct way to allow nodes to join the ring, and how
>> to encrypt data transfert ? Do you consider that Riak should stay
>> away from that, and for example, rely on a VPN ?
> Riak nodes belonging to the same cluster do use distributed Erlang to communicate. We
> have no plans to encrypt this data as it would likely impact overall performance. If
> you really need to encrypt cluster traffic then a VPN would be appropriate.
That makes sens.
> Could you describe your use case for encrypting cluster traffic?
End-to-end authentication and encryption, without ability to trust network.
>> - do you plan to provide some kind of access control, at the
>> bucket-level for example, with credentials or anything else ? Or do
>> you consider that Riak should stay away from that, and rely on a http
>> reverse proxy doing authentication and access control ?
> We do not have any immediate plans to add security or authorization. Deploying reverse
> proxies for security is a very common pattern.
Again that makes sens. I also favor separation of concerns, and I wanted to make sure that
was the recommanded way to go.
thank you for this quick shed of light
More information about the riak-users