hidding buckets and keys

OJ Reeves oj at buffered.io
Fri May 27 01:06:40 EDT 2011


Rohman,

In our case, the only nodes that are allowed to hit the Riak cluster are
those of our applications. We do not allow access to the Riak nodes from the
public Internet. Firewall rules are in place to prevent this in some cases,
and in others the Riak nodes themselves are on internal networks. In general
I think either of these approaches is sound (I'm happy to be corrected ;)).
Perhaps you should look into something similar?

Best regards

OJ

On 27 May 2011 14:55, Antonio Rohman Fernandez <rohman at mahalostudio.com>wrote:

> hello all,
>
> http://IP:8098/riak?buckets=true [ will show all available buckets on Riak
> ]
> http://IP:8098/riak/bucketname?keys=true&props=false [ will show all
> available keys on a bucket ]
>
> to me, this proves a very big security risk, as if somebody discovers your
> Riak server's IP, is very easy to read all the information from it, even if
> you try to obfuscate the buckets/keys... everything is highly readable.
> there is any way to disable those options? like {riak_kv_stat, false} hides
> the /stats page
>
> thanks
>
> Rohman
>
> [image: line][image: logo] <http://mahalostudio.com> *Antonio Rohman Fernandez*
> CEO, Founder & Lead Engineer
> rohman at mahalostudio.com *Projects*
> MaruBatsu.es <http://marubatsu.es>
> PupCloud.com <http://pupcloud.com>
> Wedding Album <http://wedding.mahalostudio.com>[image: line]
>
>
> _______________________________________________
> riak-users mailing list
> riak-users at lists.basho.com
> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
>
>


-- 

OJ Reeves
http://buffered.io/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.basho.com/pipermail/riak-users_lists.basho.com/attachments/20110527/ae04560a/attachment.html>


More information about the riak-users mailing list