hiding buckets and keys

Ben Tilly btilly at gmail.com
Fri May 27 03:02:58 EDT 2011


I would strongly advise you that mobile clients should not be trusted to
access your data directly.  Because someone *will* reverse engineer them,
and *will* see what they can see.  You really do need an API between your
mobile application and the mobile service.

I know you think you don't.  You're headed down the common path of blocking
things that you know are risky.  However decades of experience say very
clearly that allowing requests by default then blocking what is known to be
harmful is a recipe for security disaster.  The ONLY sane approach is to
block everything, then allow only what is KNOWN to be safe.  Talk to any
security expert and they will agree: you absolutely don't want to hand out
raw access to your data (including inserts and deletes) to untrusted
clients.

As for your assertion that the cloud just failed for you if you have an API
- nothing could be farther from the truth.  A front end API on top of Riak
can be a very thin layer that can run on multiple machines with load
balancing and failover using a variety of standard techniques.

For your use case you should build an API.  Really.
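One way to put that allow-list principle into code, as an added example that is not from this thread or from Riak itself: a policy check for a thin API in front of Riak (Python, with hypothetical bucket names) that denies every request by default, permits only listed bucket/method pairs, and refuses the ?buckets=true and ?keys=true listing queries raised further down in the thread.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical allow-list for mobile clients: bucket -> permitted HTTP methods.
# Anything not listed here (other buckets, DELETE, listing queries) is denied.
# Authentication of the client is assumed to have happened before this check.
ALLOWED = {
    "public_profiles": {"GET"},
    "posts": {"GET", "PUT"},
}

# Query parameters that turn a single-object request into an enumeration of
# the whole store (/riak?buckets=true, /riak/<bucket>?keys=true).
LISTING_PARAMS = {"buckets", "keys"}

# Keys must match a character allow-list, so encoded slashes, dots and other
# path tricks never reach the upstream URL.
KEY_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")


def decide(method, target):
    """Return (allowed, reason, upstream_path) for one client request.

    upstream_path is the only URL the API would ever forward to Riak;
    it is rebuilt from validated parts, never copied from the client.
    """
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)
    if any(p in query for p in LISTING_PARAMS):
        return False, "bucket/key listing is never exposed", None
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 3 or segments[0] != "riak":
        return False, "only /riak/<bucket>/<key> is served", None
    _, bucket, key = segments
    if bucket not in ALLOWED:
        return False, "bucket %r is not in the allow-list" % bucket, None
    if method not in ALLOWED[bucket]:
        return False, "%s is not permitted on %r" % (method, bucket), None
    if not KEY_RE.fullmatch(key):
        return False, "key fails the character allow-list", None
    return True, "ok", "/riak/%s/%s" % (bucket, key)


if __name__ == "__main__":
    # Constructed sample requests, including the two listing URLs from the thread.
    for method, target in [("GET", "/riak?buckets=true"),
                           ("GET", "/riak/posts?keys=true&props=false"),
                           ("GET", "/riak/posts/42"),
                           ("DELETE", "/riak/posts/42")]:
        print(method, target, "->", decide(method, target))
```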

On Thu, May 26, 2011 at 11:10 PM, Antonio Rohman Fernandez <rohman at mahalostudio.com> wrote:

> "In our case, the only nodes that are allowed to hit the Riak cluster are
> those of our applications"... what if your app is more complex than that and
> you have thousands of servers all around the world ( different datacenters,
> different networks ) with crawlers, scanners, blackboxes, etc... all
> communicating with Riak and adding/removing new
> scanners/crawlers/blackboxes/etc... every now and then... quite troublesome
> to set up and maintain a firewall for that.
>
> "It is not recommended that you deploy Riak on the public internet"...
> what if apart from webservers with a web-app i want to build
> iPhone/iPad/Android apps that access Riak directly? one thing i love from
> Riak is its RESTful architecture, but if i have to build some API somewhere
> for the mobile apps to interact with Riak... well... the 'cloud' paradigm
> just vanished for me... also, i would have a single point of failure on the
> API implementation.
>
> any other suggestions?
>
> Rohman
>
> On Fri, 27 May 2011 01:20:00 -0400, Alexander Sicular <siculars at gmail.com>
> wrote:
>
> Hi Rohman,
>
> It is not recommended that you deploy Riak on the public internet. Keep all
> access private and then implement iptables on each individual node securing
> access to upstream clients.
>
> Ports to keep in mind -
>
> http(s) port (8098)
> protocol buffers port (8099)
> epmd (4369)
> forcing the range of ports erlang uses to communicate amongst other erlang
> nodes.
>
> The latter is not part of the default configuration but I think it should
> be. At least commented out in app.config.
>
> Put it right at the top of the config array above the riak_core
> directives like so:
>
> [
>  %% limit dynamic ports erlang uses to communicate
>  %% pick some range that works in your environment
>  %{kernel, [
>  %   {inet_dist_listen_min, 21000},
>  %   {inet_dist_listen_max, 22000}
>  %]},
>  %% Riak Core config
>  {riak_core, [
>  ...
> Cheers,
>
> Alexander Sicular
> @siculars
> http://sicuars.posterous.com
>
> On Friday, May 27, 2011 at 12:55 AM, Antonio Rohman Fernandez wrote:
>
> hello all,
>
> http://IP:8098/riak?buckets=true [ will show all available buckets on Riak
> ]
> http://IP:8098/riak/bucketname?keys=true&props=false [ will show all
> available keys on a bucket ]
>
> to me, this proves a very big security risk, as if somebody discovers your
> Riak server's IP, it is very easy to read all the information from it, even if
> you try to obfuscate the buckets/keys... everything is highly readable.
> is there any way to disable those options? like {riak_kv_stat, false} hides
> the /stats page
>
> thanks
>
> Rohman
>
> <http://mahalostudio.com> *Antonio Rohman Fernandez*
> CEO, Founder & Lead Engineer
> rohman at mahalostudio.com *Projects*
> MaruBatsu.es <http://marubatsu.es>
> PupCloud.com <http://pupcloud.com>
> Wedding Album <http://wedding.mahalostudio.com>
>
> _______________________________________________
> riak-users mailing list
> riak-users at lists.basho.com
> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com