Is it possible to disable listing of all keys in a bucket?

Jonathan Langevin jlangevin at loomlearning.com
Sat May 28 20:40:59 EDT 2011


Put a proxy in front, block that request url.

- Jon Langevin -- sent from my Android phone
On May 28, 2011 8:26 PM, "Eamonn O'Brien-Strain" <eob at hp.com> wrote:
> Is it possible to configure Riak so that it is impossible to use the
> REST API to list all the keys in a bucket?
>
> I would like to use a "capability security" approach where all the keys
> are unguessable random strings, such that possession of a key gives a
> client authorization to fetch the data for that key, and a client who
> does not have the key cannot fetch the data.
>
> However, the ability to list all the keys in a bucket defeats that
> security model.
>
> Thanks,
> __
> Eamonn O'Brien-Strain
> HP Labs
>
> _______________________________________________
> riak-users mailing list
> riak-users at lists.basho.com
> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.basho.com/pipermail/riak-users_lists.basho.com/attachments/20110528/dbcd93ba/attachment.html>


More information about the riak-users mailing list