hidding buckets and keys

Keith Bennett keith.bennett at lmnsolutions.com
Fri May 27 10:57:37 EDT 2011


Another great reason to insert a layer between your app and riak is that if you should ever change your data storage strategy or support multiple strategies (e.g. support the use of a strategy other than riak) it would minimize or eliminate the need to change the client app.

- Keith

On May 27, 2011, at 3:02 AM, Ben Tilly wrote:

> I would strongly advise you that mobile clients should not be trusted to access your data directly.  Because someone *will* reverse engineer them, and *will* see what they can see.  You really do need an API between your mobile application and the mobile service.
> 
> I know you think you don't.  You're headed down the common path of blocking things that you know are risky.  However decades of experience say very clearly that allowing requests by default then blocking what is known to be harmful is a recipe for security disaster.  The ONLY sane approach is to block everything, then allow only what is KNOWN to be safe.  Talk to any security expert than they will agree, you absolutely don't want to hand out raw access to your data (including inserts and deletes) to untrusted clients.
> 
> As for your assertion that the cloud just failed for you if you have an API - nothing could be farther from the truth.  A front end API on top of Riak can be a very thin layer that can run on multiple machines with load balancing and failover using a variety of standard techniques.
> 
> For your use case you should build an API.  Really.
> 
> On Thu, May 26, 2011 at 11:10 PM, Antonio Rohman Fernandez <rohman at mahalostudio.com> wrote:
> "In our case, the only nodes that are allowed to hit the Riak cluster are those of our applications"... what if your app is more complex than that and you have thousands of servers all around the world ( different datacenters, different networks ) with crawlers, scanners, blackboxes, etc... all communicating with Riak and adding/removing new scanners/crawlers/blackboxes/etc... every now and then... quite troublesome to set up and maintain a firewall for that.
> 
> "It is not recommended that you deploy Riak on the public internet"... what if apart from webservers with a web-app i want to build iPhone/iPad/Android apps that access Riak directly? one thing i love from Riak is its RESTfull architecture, but if i have to build some API somewhere for the mobile apps to interact with Riak... well... the 'cloud' paradigm just vanished for me... also, i would have a single point of failure on the API implementation.
> 
> any other suggestions?
> 
> Rohman
> 
> On Fri, 27 May 2011 01:20:00 -0400, Alexander Sicular <siculars at gmail.com> wrote:
> 
>> Hi Rohman,
>> 
>> It is not recommended that you deploy Riak on the public internet. Keep all access private and then implement iptables on each individual node securing access to upstream clients.
>> 
>> Ports to keep in mind - 
>> 
>> http(s) port (8098)
>> protocol buffers port (8099)
>> epmd (4369)
>> forcing the range of ports erlang uses to communicate amongst other erlang nodes.
>> 
>> The latter is not part of the default configuration but I think it should be. At least commented out in app.config.
>> 
>> Put it right at the top of the config array above the riak_core directives like so:
>> 
>> [
>> %% limit dynamic ports erlang uses to communicate
>> %% pick some range that works in your environment 
>> %{kernel, [
>> %   {inet_dist_listen_min, 21000},   
>> %   {inet_dist_listen_max, 22000}
>> %]},
>>  %% Riak Core config
>>  {riak_core, [
>> ...
>> Cheers,
>>  
>> Alexander Sicular
>> @siculars
>> http://sicuars.posterous.com
>> 
>> On Friday, May 27, 2011 at 12:55 AM, Antonio Rohman Fernandez wrote:
>> 
>> hello all,
>> 
>> http://IP:8098/riak?buckets=true [ will show all available buckets on Riak ]
>> http://IP:8098/riak/bucketname?keys=true&props=false [ will show all available keys on a bucket ]
>> 
>> to me, this proves a very big security risk, as if somebody discovers your Riak server's IP, is very easy to read all the information from it, even if you try to obfuscate the buckets/keys... everything is highly readable.
>> there is any way to disable those options? like {riak_kv_stat, false} hides the /stats page
>> 
>> thanks
>> 
>> Rohman
>> 
>> 
>> 		Antonio Rohman Fernandez
>> CEO, Founder & Lead Engineer
>> rohman at mahalostudio.com	 	Projects
>> MaruBatsu.es
>> PupCloud.com
>> Wedding Album
>> 
>> _______________________________________________
>> riak-users mailing list
>> riak-users at lists.basho.com
>> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
> 
> -- 
> 
> 		Antonio Rohman Fernandez
> CEO, Founder & Lead Engineer
> rohman at mahalostudio.com	 	Projects
> MaruBatsu.es
> PupCloud.com
> Wedding Album
> 
> 
> _______________________________________________
> riak-users mailing list
> riak-users at lists.basho.com
> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
> 
> 
> _______________________________________________
> riak-users mailing list
> riak-users at lists.basho.com
> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.basho.com/pipermail/riak-users_lists.basho.com/attachments/20110527/39128309/attachment.html>


More information about the riak-users mailing list