dave at kibits.com
Tue May 3 08:26:16 EDT 2011
This is a question/survey on people's approach to security and appetite for baked-in security features in Riak/NoSQL. A typical exploit path hackers take is to exploit a public-facing application (like the application server, of which there are typically numerous vulnerabilities), determine the data source and credentials by exploring the application code and its network activity, access the db and steal info. Firewalls do not help in this case since the data store is being accessed from a legitimate source. So, database authentication and password encryption on the client are pretty key here.
What is people's typical approach to protecting against this scenario? Is it a reverse proxy (not sure if this really solves the problem given the request is from a legit host)? Also, what is people's appetite for baked-in features in Riak to do db authentication and help with password encryption and key mgmt on the client?
Seems like an important feature for anyone dealing with compliance.