Security risk of clients having access to vector clocks

Brian Picciano dustfinger1 at gmail.com
Thu Jan 17 21:06:20 EST 2013


A web app that we're building is designed in such a way that the vector
clocks returned from a bucket with use_multi:true will be sent to the
client, and the client will then return that vector clock in subsequent
requests so that we can keep track of state conflicts in riak.

My question is: are there any security risks in doing this? We've
obfuscated the vector clock (and never call it the vector clock on the
client side), but that's just security through obscurity, and probably
wouldn't hold up very long. Would a client be able to get any meaningful
information out of a vector clock, or manipulate it in such a way that when
they return it it could harm the database? Are there any ways we could
combat this?
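
One way a server could detect a vector clock that a client has modified or swapped between objects, as an added example that is not part of the original post and is not Riak or Basho code: wrap the vclock in an HMAC-authenticated token bound to its bucket and key before sending it, and verify the token when it comes back. The names seal_vclock and open_vclock, the server-side secret, and the sample values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def _mac(secret: bytes, bucket: str, obj_key: str, vclock: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(part).to_bytes(4, "big") + part
        for part in (bucket.encode(), obj_key.encode(), vclock)
    )
    return hmac.new(secret, msg, hashlib.sha256).digest()


def seal_vclock(secret: bytes, bucket: str, obj_key: str, vclock: bytes) -> str:
    """Wrap the vclock bytes the database returned into a token for the client."""
    tag = _mac(secret, bucket, obj_key, vclock)
    return base64.urlsafe_b64encode(tag + vclock).decode("ascii")


def open_vclock(secret: bytes, bucket: str, obj_key: str, token: str) -> bytes:
    """Return the original vclock; raise ValueError if the token was altered
    or was issued for a different bucket/key."""
    try:
        raw = base64.b64decode(token.encode("ascii"), altchars=b"-_", validate=True)
    except ValueError as exc:  # also covers binascii.Error and UnicodeEncodeError
        raise ValueError("malformed vclock token") from exc
    if len(raw) <= TAG_LEN:
        raise ValueError("malformed vclock token")
    tag, vclock = raw[:TAG_LEN], raw[TAG_LEN:]
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, _mac(secret, bucket, obj_key, vclock)):
        raise ValueError("vclock token failed verification")
    return vclock


if __name__ == "__main__":
    secret = b"k" * 32                           # constructed; keep server-side only
    vclock = b"constructed-sample-vclock-bytes"  # constructed stand-in for a real vclock
    token = seal_vclock(secret, "users", "alice", vclock)
    print(open_vclock(secret, "users", "alice", token) == vclock)
    try:
        open_vclock(secret, "users", "bob", token)  # token replayed on another key
    except ValueError as err:
        print("rejected:", err)
```

This gives integrity and binding only; the vclock bytes are still readable by anyone who base64-decodes the token.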