<div>
            <div>
                <span>Hi Rohman,</span></div><div><span><br></span></div><div><span>It is not recommended that you deploy Riak on the public internet. Keep all access private and then implement iptables on each individual node securing access to upstream clients.</span></div><div><span><br></span></div><div><span>Ports to keep in mind - </span></div><div><span><br></span></div><div><span>http(s) port (8098)</span></div><div><span>protocol buffers port (8099)</span></div><div><span>epmd (4369)</span></div><div><span>forcing the range of ports erlang uses to communicate amongst other erlang nodes.</span></div><div><span><br></span></div><div><span>The latter is not part of the default configuration but I think it should be. At least commented out in app.config.<br>
                </span>
                <span><br></span></div><div><span><div><div>Put it right at the top of the config array above the riak_core directives like so:</div></div></span></div><div><span><br></span></div><div><span><div>[</div><div><br></div><div><div>%% limit dynamic ports erlang uses to communicate</div><div>%% pick some range that works in your environment </div><div>%{kernel, [</div><div>%   {inet_dist_listen_min, 21000},   </div><div>%   {inet_dist_listen_max, 22000}</div><div>%]},</div></div><div><br></div><div> %% Riak Core config</div><div> {riak_core, [</div><div>...</div><div><br></div><div><br></div><div>Cheers,</div><div> </div></span></div><div><span>Alexander Sicular<div>@siculars</div><div>http://sicuars.posterous.com</div><br></span>
                
                <p style="color: #a0a0a0;">On Friday, May 27, 2011 at 12:55 AM, Antonio Rohman Fernandez wrote:</p>
                <blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;">
                    <span><div><div><p>hello all,<br><br><a href="http://IP:8098/riak?buckets=true">http://IP:8098/riak?buckets=true</a> [ will show all available buckets on Riak ]<br><a href="http://IP:8098/riak/bucketname?keys=true&props=false">http://IP:8098/riak/bucketname?keys=true&props=false</a> [ will show all available keys on a bucket ]<br><br>to me, this proves a very big security risk, as if somebody discovers your Riak server's IP, is very easy to read all the information from it, even if you try to obfuscate the buckets/keys... everything is highly readable.<br>there is any way to disable those options? like {riak_kv_stat, false} hides the /stats page<br><br>thanks<br><br>Rohman</p>
<div>
<pre><div><img src="http://webmail.mahalostudio.com/sig_top.gif" alt="line" width="643" height="7"><table style="margin-bottom: 7px;" border="0" cellspacing="0" cellpadding="0" width="643"><tbody><tr><td width="190" valign="top"><a href="http://mahalostudio.com" target="_blank"><img style="margin-left: 10px;" src="http://webmail.mahalostudio.com/mahalo-logo-mini.png" border="0" alt="logo" width="162" height="44"></a></td><td width="10"> </td><td width="225" valign="top"><span style="color: #5f5f5f; font-family: Verdana,Arial,Helvetica,sans-serif; font-size: small;"><strong>Antonio Rohman Fernandez</strong></span><br><span style="color: #5f5f5f; font-family: Arial,Helvetica,sans-serif; font-size: xx-small;"><span style="font-size: 8.5pt; color: #5f5f5f;">CEO, Founder & Lead Engineer</span><br><a style="text-decoration: none;" href="mailto:rohman@mahalostudio.com" target="_blank"><span style="font-size: 8.5pt; color: #519f3f;">rohman@mahalostudio.com</span></a></span></td><td width="10"> </td><td width="225" valign="top"><span style="color: #5f5f5f; font-family: Verdana,Arial,Helvetica,sans-serif; font-size: small;"><strong>Projects</strong></span><br><span style="color: #5f5f5f; font-family: Arial,Helvetica,sans-serif; font-size: xx-small;"><a style="text-decoration: none;" href="http://marubatsu.es" target="_blank"><span style="font-size: 8.5pt; color: #2e974d;">MaruBatsu.es</span></a><br><a style="text-decoration: none;" href="http://pupcloud.com" target="_blank"><span style="font-size: 8.5pt; color: #519f3f;">PupCloud.com</span></a><br><a style="text-decoration: none;" href="http://wedding.mahalostudio.com" target="_blank"><span style="font-size: 8.5pt; color: #519f3f;">Wedding Album</span></a></span></td></tr></tbody></table><img src="http://webmail.mahalostudio.com/sig_top.gif" alt="line" width="643" height="7"></div></pre>
</div></div><div>_______________________________________________<br>riak-users mailing list<br><a href="mailto:riak-users@lists.basho.com">riak-users@lists.basho.com</a><br><a href="http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com">http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com</a><br></div></div></span>
                
                
                
                
                </blockquote>
                
                <div>
                    <br>
                </div>
            </div>
        </div>