hiding buckets and keys

Eric Moritz eric at themoritzfamily.com
Fri May 27 08:49:54 EDT 2011


Don't trust any client that you put in the hands of someone else.  i.e.
mobile client, client-side web app, etc.  It would take anyone with a packet
sniffer 5 seconds to figure out you're using Riak and then they have the
Riak docs to step them through how to read/write arbitrary values from your
cluster.


On Fri, May 27, 2011 at 3:02 AM, Ben Tilly <btilly at gmail.com> wrote:

> I would strongly advise you that mobile clients should not be trusted to
> access your data directly.  Because someone *will* reverse engineer them,
> and *will* see what they can see.  You really do need an API between your
> mobile application and the mobile service.
>
> I know you think you don't.  You're headed down the common path of blocking
> things that you know are risky.  However decades of experience say very
> clearly that allowing requests by default then blocking what is known to be
> harmful is a recipe for security disaster.  The ONLY sane approach is to
> block everything, then allow only what is KNOWN to be safe.  Talk to any
> security expert and they will agree, you absolutely don't want to hand out
> raw access to your data (including inserts and deletes) to untrusted
> clients.
>
> As for your assertion that the cloud just failed for you if you have an API
> - nothing could be farther from the truth.  A front end API on top of Riak
> can be a very thin layer that can run on multiple machines with load
> balancing and failover using a variety of standard techniques.
>
> For your use case you should build an API.  Really.
>
>
> On Thu, May 26, 2011 at 11:10 PM, Antonio Rohman Fernandez <
> rohman at mahalostudio.com> wrote:
>
>> "In our case, the only nodes that are allowed to hit the Riak cluster are
>> those of our applications"... what if your app is more complex than that and
>> you have thousands of servers all around the world ( different datacenters,
>> different networks ) with crawlers, scanners, blackboxes, etc... all
>> communicating with Riak and adding/removing new
>> scanners/crawlers/blackboxes/etc... every now and then... quite troublesome
>> to set up and maintain a firewall for that.
>>
>> "It is not recommended that you deploy Riak on the public internet"...
>> what if apart from webservers with a web-app I want to build
>> iPhone/iPad/Android apps that access Riak directly? One thing I love from
>> Riak is its RESTful architecture, but if I have to build some API somewhere
>> for the mobile apps to interact with Riak... well... the 'cloud' paradigm
>> just vanished for me... also, I would have a single point of failure on the
>> API implementation.
>>
>> any other suggestions?
>>
>> Rohman
>>
>> On Fri, 27 May 2011 01:20:00 -0400, Alexander Sicular <siculars at gmail.com>
>> wrote:
>>
>>  Hi Rohman,
>>
>> It is not recommended that you deploy Riak on the public internet. Keep
>> all access private and then implement iptables on each individual node
>> securing access to upstream clients.
>>
>> Ports to keep in mind -
>>
>> http(s) port (8098)
>> protocol buffers port (8099)
>> epmd (4369)
>> forcing the range of ports erlang uses to communicate amongst other erlang
>> nodes.
>>
>> The latter is not part of the default configuration but I think it should
>> be. At least commented out in app.config.
>>
>> Put it right at the top of the config array above the riak_core
>> directives like so:
>>
>> [
>>  %% limit dynamic ports erlang uses to communicate
>>  %% pick some range that works in your environment
>>  %{kernel, [
>>  %   {inet_dist_listen_min, 21000},
>>  %   {inet_dist_listen_max, 22000}
>>  %]},
>>  %% Riak Core config
>>  {riak_core, [
>> ...
>>  Cheers,
>>
>>  Alexander Sicular
>> @siculars
>> http://sicuars.posterous.com
>>
>> On Friday, May 27, 2011 at 12:55 AM, Antonio Rohman Fernandez wrote:
>>
>>  hello all,
>>
>> http://IP:8098/riak?buckets=true [ will show all available buckets on
>> Riak ]
>> http://IP:8098/riak/bucketname?keys=true&props=false [ will show all
>> available keys on a bucket ]
>>
>> to me, this proves a very big security risk, as if somebody discovers your
>> Riak server's IP, it is very easy to read all the information from it, even if
>> you try to obfuscate the buckets/keys... everything is highly readable.
>> Is there any way to disable those options? like {riak_kv_stat, false}
>> hides the /stats page
>>
>> thanks
>>
>> Rohman
>>
>> Antonio Rohman Fernandez <http://mahalostudio.com>
>> CEO, Founder & Lead Engineer
>> rohman at mahalostudio.com
>> Projects: MaruBatsu.es <http://marubatsu.es>, PupCloud.com <http://pupcloud.com>,
>> Wedding Album <http://wedding.mahalostudio.com>
>>
>>  _______________________________________________
>> riak-users mailing list
>> riak-users at lists.basho.com
>> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
>>
>>
>>
>
>
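The thin, default-deny API layer that Ben and Eric argue for, as an added example that is not code from any poster or from Riak itself: a policy function that only forwards single-key requests on allow-listed buckets and refuses the listing switches (`?buckets=true`, `?keys=true`, `?props=true`), `/stats`, and every other path. The bucket names and the 127.0.0.1:8098 upstream are constructed assumptions.

```python
"""Default-deny request policy for a thin API in front of Riak's HTTP interface."""
from urllib.parse import parse_qs, urlsplit

# Constructed example policy: bucket name -> HTTP methods a client may use on a
# single key in that bucket.  Any bucket or method not listed here is refused.
BUCKET_POLICY = {
    "profiles": {"GET", "PUT"},
    "photos": {"GET"},
}

# Query switches that turn a key request into enumeration or metadata access.
FORBIDDEN_PARAMS = {"keys", "buckets", "props"}


def authorize(method, url):
    """Decide whether a client request may be forwarded to Riak.

    Returns (allowed, reason).  Only the methods in BUCKET_POLICY, on exactly
    /riak/<bucket>/<key>, are forwarded.  /riak?buckets=true,
    /riak/<bucket>?keys=true, /stats, map/reduce and DELETE never reach the
    cluster because they fail the path-shape or method check.
    """
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    params = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}

    # Shape check first: exactly /riak/<bucket>/<key> and nothing else.
    if len(segments) != 3 or segments[0] != "riak":
        return False, "only single-key paths under /riak are exposed"
    bucket = segments[1]

    # Enumeration and properties switches are refused even on a key path.
    if params & FORBIDDEN_PARAMS:
        return False, "listing/properties parameters are not exposed"

    # Default deny: the bucket must be allow-listed and the method permitted.
    allowed_methods = BUCKET_POLICY.get(bucket)
    if allowed_methods is None:
        return False, "bucket %r is not exposed" % bucket
    if method.upper() not in allowed_methods:
        return False, "%s is not permitted on bucket %r" % (method, bucket)
    return True, "ok"


def upstream_url(url, riak_host="127.0.0.1", riak_port=8098):
    """Rebuild the URL for the private Riak node, dropping the client's query
    string so no switch the policy did not anticipate is passed through."""
    return "http://%s:%d%s" % (riak_host, riak_port, urlsplit(url).path)
```

The nodes themselves stay behind the iptables rules Alexander describes; this layer is the only thing that may talk to port 8098.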

