jeff.kirkell at gmail.com
Fri Sep 30 14:54:19 EDT 2011
This is something I have been trying to figure the best approach for as
well. One possibility, and the one I am trying to build a solution for is to
have a proxy in the front that accepts and API key or some other form of
credential, validates, then passes through to Riak on whatever port is
specified. The goal is that in addition to your IP filtering and access
rules, you also have a layer of authorization at what ever level you want
through the proxy.
Hope that helps,
On Fri, Sep 30, 2011 at 2:00 PM, Kyle Quest <kcq.lists at gmail.com> wrote:
> This is a pretty common situation with the NoSQL databases. They have
> no security and the standard answer is that it's your job to do with
> firewalls and proxies. This is a good indication that the NoSQL world
> is still in its infancy. Security features will get there eventually
> and Accumulo is an example of progress in terms of security
> capabilities, but it's going to take a while... a long while :-)
> Now in this case you can do something :-) One option is to use a web
> proxy that would expose two different ports for GET and PUT requests
> and then have the appropriate HTTP method filters for each of those
> ports. However, this doesn't really do much for security because these
> GET and PUT requests will still be sent to the same Riak node. A
> better solution is to have separate Riak nodes for reads and writes.
> You would still need a web proxy to do the HTTP method filtering... to
> allow only GET HTTP methods for the first node requests and allow only
> PUT HTTP methods for the second node requests. A much easier solution
> would involve configuring MochiWeb to do the HTTP method filtering, so
> you wouldn 't need any proxies; however, I'm not a MochiWeb expert and
> I don't know if you can define the allowed HTTP methods for MochiWeb
> in Riak configs.
> On Sat, Sep 10, 2011 at 12:06 AM, Mark Turner <mark at amerine.net> wrote:
> > On Friday, September 9, 2011 at 11:09 PM, raghwani sohil wrote:
> > Hi ,
> > currently we are using port 8098 for both GET and PUT request for riak .
> > I want to achieve security in riak .
> > 1> Is there any way to use seperate port for GET and PUT request for
> > riak ??
> > 2> If there is no way to use seperate port for GET and PUT request then
> > please can any one explain me how should I achieve security in riak .??
> > I don't know about changing the ports.
> > As far as the security goes, that responsibility falls to you at the
> > network/firewall/proxy/router level.
> > _______________________________________________
> > riak-users mailing list
> > riak-users at lists.basho.com
> > http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
> riak-users mailing list
> riak-users at lists.basho.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the riak-users