Aphyr aphyr at
Tue May 3 12:22:11 EDT 2011

Any system which presents plaintext is vulnerable; it is simply a matter 
of complexity. Once you've compromised a layer which processes 
plaintext, all layers below it are essentially moot, as the Playstation 
network recently discovered.

The only scheme which will defend against data compromise is one in 
which the application does not contain sufficient information to 
reconstruct the plaintext. For example, you can have the client of the 
system (each user, for example) store a secret (say, a password) which 
is never yielded directly to the application, but is used as a part of 
the cryptosystem key. Hence the application can never reconstruct the 
plaintext. This may, of course, limit how useful your application can be.

Long story short: it's application dependent. I don't think it would be 
useful to bake that feature into Riak. My advice is to design in depth, 
modularize systems that handle critical data to reduce their 
vulnerability surface, and plan for each layer to be compromised 
progressively. It can buy you some time.


On 05/03/2011 05:26 AM, David Greenstein wrote:
> This is a question/survey on people's approach to security and
> appetite for baked in security features to Riak/NoSQL. A typical
> exploit path hackers take is to exploit a public facing application
> (like the application server, of which there typically numerous
> vulnerabilities), determine the data source and credentials by
> exploring the application code and it's network activity, access the
> db and steal info. Firewalls do not help in this case since the data
> store is being accessed from a legitimate source. So, database
> authentication and password encryption on the client is pretty key
> here.
> What are people's typical approach to protecting against this
> scenario? Is it a reverse proxy (not sure if this really solves the
> problem give the request is from a legit host)? Also, what are
> people's appetite for baked in features in Riak to do db
> authentication and help with password encryption and key mgt on the
> client?
> Seems like an important feature for anyone dealing with compliance.
> Thank you! Dave _______________________________________________
> riak-users mailing list riak-users at

More information about the riak-users mailing list