Is it possible to disable listing of all keys in a bucket?
jlangevin at loomlearning.com
Sat May 28 20:40:59 EDT 2011
Put a proxy in front, block that request url.
- Jon Langevin -- sent from my Android phone
On May 28, 2011 8:26 PM, "Eamonn O'Brien-Strain" <eob at hp.com> wrote:
> Is it possible to configure Riak so that it is impossible to use the
> REST API to list all the keys in a bucket?
> I would like to use a "capability security" approach where all the keys
> are unguessable random strings, such that possession of a key gives a
> client authorization to fetch the data for that key, and a client who
> does not have the key cannot fetch the data.
> However, the ability to list all the keys in a bucket defeats that
> security model.
> Eamonn O'Brien-Strain
> HP Labs
> riak-users mailing list
> riak-users at lists.basho.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the riak-users