Re: hidding buckets and keys

Thu, 26 May 2011 22:20:11 -0700 

Hi Rohman,

It is not recommended that you deploy Riak on the public internet. Keep all 
access private and then implement iptables on each individual node securing 
access to upstream clients.

Ports to keep in mind - 

http(s) port (8098)
protocol buffers port (8099)
epmd (4369)
forcing the range of ports erlang uses to communicate amongst other erlang 
nodes.

The latter is not part of the default configuration but I think it should be. 
At least commented out in app.config.

Put it right at the top of the config array above the riak_core directives like 
so:

[

%% limit dynamic ports erlang uses to communicate
%% pick some range that works in your environment 
%{kernel, [
%  {inet_dist_listen_min, 21000}, 
%  {inet_dist_listen_max, 22000}
%]},


%% Riak Core config
{riak_core, [
...


Cheers,


Alexander Sicular
@siculars
http://sicuars.posterous.com


On Friday, May 27, 2011 at 12:55 AM, Antonio Rohman Fernandez wrote:

> hello all,
> 
> http://IP:8098/riak?buckets=true [ will show all available buckets on Riak ]
> http://IP:8098/riak/bucketname?keys=true&props=false [ will show all 
> available keys on a bucket ]
> 
> to me, this proves a very big security risk, as if somebody discovers your 
> Riak server's IP, is very easy to read all the information from it, even if 
> you try to obfuscate the buckets/keys... everything is highly readable.
> there is any way to disable those options? like {riak_kv_stat, false} hides 
> the /stats page
> 
> thanks
> 
> Rohman 
> 
> 
> Antonio Rohman Fernandez
> CEO, Founder & Lead Engineer
> roh...@mahalostudio.com (mailto:roh...@mahalostudio.com)
> 
> Projects
> MaruBatsu.es (http://marubatsu.es)
> PupCloud.com (http://pupcloud.com)
> Wedding Album (http://wedding.mahalostudio.com) 
> _______________________________________________
> riak-users mailing list
> riak-users@lists.basho.com (mailto:riak-users@lists.basho.com)
> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com


_______________________________________________
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com

Reply via email to