Is it possible to disable listing of all keys in a bucket?
eob at hp.com
Sat May 28 20:56:32 EDT 2011
On 05/28/2011 05:40 PM, Jonathan Langevin wrote:
> Put a proxy in front, block that request url.
Thanks Jonathan. Yep, that would work, but it adds another otherwise
unnecessary component to my deployment, which I would like to keep as
simple as possible. That is why I was hoping there would be some easy
change that I could make to the app.config file.
> - Jon Langevin -- sent from my Android phone
> On May 28, 2011 8:26 PM, "Eamonn O'Brien-Strain" <eob at hp.com
> <mailto:eob at hp.com>> wrote:
> > Is it possible to configure Riak so that it is impossible to use the
> > REST API to list all the keys in a bucket?
> > I would like to use a "capability security" approach where all the keys
> > are unguessable random strings, such that possession of a key gives a
> > client authorization to fetch the data for that key, and a client who
> > does not have the key cannot fetch the data.
> > However, the ability to list all the keys in a bucket defeats that
> > security model.
> > Thanks,
> > __
> > Eamonn O'Brien-Strain
> > HP Labs
> > _______________________________________________
> > riak-users mailing list
> > riak-users at lists.basho.com <mailto:riak-users at lists.basho.com>
> > http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the riak-users