Hello, thank you, and a couple of questions about security

Paul R paul.r.ml at gmail.com
Thu May 6 08:00:07 EDT 2010


>> - does node communication is plain erlang node interprocesses
>>    communication as described in
>>    http://www.erlang.org/doc/reference_manual/distributed.html#id2280311 ?
>>    So what is the correct way to allow nodes to join the ring, and how
>>    to encrypt data transfert ? Do you consider that Riak should stay
>>    away from that, and for example, rely on a VPN ?

> Riak nodes belonging to the same cluster do use distributed Erlang to communicate. We
>  have no plans to encrypt this data as it would likely impact overall performance. If
>  you really need to encrypt cluster traffic then a VPN would be appropriate.

That makes sens.

> Could you describe your use case for encrypting cluster traffic?

End-to-end authentication and encryption, without ability to trust network.


>> - do you plan to provide some kind of access control, at the
>>    bucket-level for example, with credentials or anything else ? Or do
>>    you consider that Riak should stay away from that, and rely on a http
>>    reverse proxy doing authentication and access control ?

> We do not have any immediate plans to add security or authorization. Deploying reverse
> proxies for security is a very common pattern.

Again that makes sens. I also favor separation of concerns, and I wanted to make sure that
was the recommanded way to go.

thank you for this quick shed of light


-- 
Paul




More information about the riak-users mailing list