Question about security
gary.smith at holdstead.com
Wed Jan 12 13:17:14 EST 2011
> Newbie question. I am trying to find documentation about Riak security.
> I have seen
> but I could not find much on access control.
> Is it possible to secure access to Riak nodes? Does it offer something
> similar to http://srp.stanford.edu/ (i.e. remote login)?
> I read somewhere that Riak does not use encryption for exchange between
> nodes. Is this (still) correct? What about communication with users
> If the answer to the above question is no, then how can one secure a
> Riak system properly?
Put an apache (or whatever) server in front and proxy the requests accordingly and setup the security through the underlying web service.
You -> [ apache -> riak ] (where  is the box).
You -> apache -> riak (where riak only allows requests from the apache server via the firewall on the riak server -- such as iptables)
The same problem exists in technologies like memcached.
More information about the riak-users