Riak security

Kyle Quest kcq.lists at gmail.com
Fri Sep 30 14:00:51 EDT 2011


This is a pretty common situation with the NoSQL databases. They have
no security and the standard answer is that it's your job to do with
firewalls and proxies. This is a good indication that the NoSQL world
is still in its infancy. Security features will get there eventually
and Accumulo is an example of progress in terms of security
capabilities, but it's going to take a while... a long while :-)

Now in this case you can do something :-) One option is to use a web
proxy that would expose two different ports for GET and PUT requests
and then have the appropriate HTTP method filters for each of those
ports. However, this doesn't really do much for security because these
GET and PUT requests will still be sent to the same Riak node. A
better solution is to have separate Riak nodes for reads and writes.
You would still need a web proxy to do the HTTP method filtering... to
allow only GET HTTP methods for the first node requests and allow only
PUT HTTP methods for the second node requests. A much easier solution
would involve configuring MochiWeb to do the HTTP method filtering, so
you wouldn 't need any proxies; however, I'm not a MochiWeb expert and
I don't know if you can define the allowed HTTP methods for MochiWeb
in Riak configs.



On Sat, Sep 10, 2011 at 12:06 AM, Mark Turner <mark at amerine.net> wrote:
> On Friday, September 9, 2011 at 11:09 PM, raghwani sohil wrote:
>
> Hi ,
>
> currently we are using port 8098 for both GET and PUT request for riak . So
> I want to achieve security in riak .
>
> 1>  Is there any way to use seperate  port  for GET and  PUT  request for
> riak ??
>
> 2>  If there is no way to use seperate port for GET and PUT  request then
> please can any one explain me how should I achieve security in riak .??
>
> I don't know about changing the ports.
> As far as the security goes, that responsibility falls to you at the
> network/firewall/proxy/router level.
>
> _______________________________________________
> riak-users mailing list
> riak-users at lists.basho.com
> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
>
>



More information about the riak-users mailing list