The fact that it allows any client to execute arbitrary code as the database user, on the database server? You can call 'os:cmd' to shell out from an M-R job. You can't do that directly in MySQL.

I think this requirement should be extended to: "Don't allow clients to connect who aren't equivalent to the database UID on the server." If you have a Rails front-end and a Riak back-end, you can't let them talk without some application proxy between them, filtering out all but the simplest queries (no M-R). We have our front-end servers talking to a simple scheduling back-end over a single port, and all other ports are blocked. That scheduler can talk to Riak, but the front-end can't directly.

-Nate

On Oct 19, 2011, at 4:18 PM, Paul Fisher wrote:

> Generally I would never put any database open on the Internet... Is there
> something special about Riak that would cause people to change this rule of
> thumb?
>
> --
> paul
>
> On Oct 19, 2011, at 4:50 PM, "Aphyr" <ap...@aphyr.com> wrote:
>
>> With Eric Redmond's permission*, I am releasing a proof-of-concept
>> exploit which uses Riak's mapreduce API to execute arbitrary Erlang code
>> and obtain shell access.
>>
>> http://aphyr.com/journals/show/do-not-expose-riak-directly-to-the-internet
>>
>> Please stop doing this.
>>
>> --Kyle
>>
>> * Eric (http://crudcomic.com/post/11656603627/downside-of-crowdsourcing)
>> announced a publicly accessible Riak cluster today; with his
>> permission/supervision I used this exploit to gain shell access to his
>> server. He's taken down that cluster and encouraged me to release this
>> information.
>>
>> I love the idea of a public sandbox for Riak--but it should be wrapped
>> in a rate-limiting HTTP proxy that only allows certain URLs, object
>> sizes, and methods. And limits the number of keys. :)

_______________________________________________
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
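The thread converges on one control: never let an untrusted client reach Riak's HTTP port directly, but put an application-level gateway in front that forwards only simple per-key reads and writes and refuses the mapreduce endpoint, bucket-wide operations, oversized objects and abusive request rates. The following is an added example of such a gateway, written for this thread and not code from Basho or from any poster. It assumes the two per-key URL shapes of Riak's HTTP API (/riak/<bucket>/<key> and /buckets/<bucket>/keys/<key>), a 1 MiB object cap, a token-bucket rate per client address, and a `forward` callable (not written here) that relays accepted requests to the Riak node; all of those are assumptions for illustration.

```python
"""Allow-list WSGI gateway in front of Riak's HTTP interface (added example).

Only per-key object operations are forwarded. /mapred, bucket listings,
bucket properties, stats and anything else are refused before they reach
Riak, PUT bodies are size-capped, and each client address is rate-limited.
URL shapes, limits and the `forward` callback are assumptions for illustration.
"""
import re
import time
from http import HTTPStatus
from urllib.parse import parse_qs

# Assumed per-key URL shapes: legacy /riak/<bucket>/<key> and /buckets/<bucket>/keys/<key>.
KEY_PATHS = (
    re.compile(r"^/riak/[^/?#]+/[^/?#]+$"),
    re.compile(r"^/buckets/[^/?#]+/keys/[^/?#]+$"),
)
ALLOWED_METHODS = {"GET", "PUT", "DELETE"}
ALLOWED_QUERY = {"r", "w", "dw", "pr", "pw", "returnbody"}   # quorum/echo knobs only
MAX_OBJECT_BYTES = 1 << 20   # assumed 1 MiB cap on stored objects
MAX_PATH_LEN = 512


def decide(method, path, query="", content_length=0):
    """Policy check. Returns (200, 'ok') to forward, else the HTTP status to answer with."""
    if len(path) > MAX_PATH_LEN:
        return 414, "path too long"
    if not any(p.match(path) for p in KEY_PATHS):
        # /mapred, /riak/<bucket> (key listing, bucket props), /stats, /ping ... all end here.
        return 403, "only per-key object URLs are proxied"
    if method not in ALLOWED_METHODS:
        return 405, "method not allowed"
    if not set(parse_qs(query, keep_blank_values=True)) <= ALLOWED_QUERY:
        return 403, "unexpected query parameter"    # e.g. ?keys=true or ?props
    if method == "PUT" and content_length > MAX_OBJECT_BYTES:
        return 413, "object too large"
    return 200, "ok"


class TokenBucket:
    """Classic token bucket; `clock` is injectable so the limiter can be tested offline."""

    def __init__(self, rate, burst, clock=time.monotonic):
        self.rate, self.burst, self.clock = float(rate), float(burst), clock
        self.tokens, self.last = float(burst), clock()

    def allow(self):
        now = self.clock()
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def make_app(forward, rate=50.0, burst=100, clock=time.monotonic):
    """Build the WSGI gateway. `forward` is an assumed WSGI app that relays to Riak."""
    buckets = {}   # client address -> TokenBucket (in-memory; fine for a single proxy process)

    def reply(start_response, status, text):
        start_response(f"{status} {HTTPStatus(status).phrase}", [("Content-Type", "text/plain")])
        return [text.encode() + b"\n"]

    def app(environ, start_response):
        client = environ.get("REMOTE_ADDR", "unknown")
        if client not in buckets:
            buckets[client] = TokenBucket(rate, burst, clock)
        if not buckets[client].allow():          # refused requests still cost a token
            return reply(start_response, 429, "rate limited")
        method = environ["REQUEST_METHOD"]
        raw_len = environ.get("CONTENT_LENGTH")
        if method == "PUT" and not raw_len:
            # A chunked or length-less upload would otherwise slip past the size cap.
            return reply(start_response, 411, "Content-Length required for PUT")
        try:
            length = int(raw_len or 0)
        except ValueError:
            return reply(start_response, 400, "bad Content-Length")
        status, reason = decide(method, environ.get("PATH_INFO", ""),
                                environ.get("QUERY_STRING", ""), length)
        if status != 200:
            return reply(start_response, status, reason)
        return forward(environ, start_response)

    return app


def call(app, method, path, query="", content_length=None, addr="10.0.0.1"):
    """Drive a WSGI app synchronously without a socket; returns (status_line, body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "QUERY_STRING": query, "REMOTE_ADDR": addr}
    if content_length is not None:
        environ["CONTENT_LENGTH"] = str(content_length)
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body
```

Deploy this (or the same policy in nginx or HAProxy) on the only host allowed to reach Riak's port, and firewall the port from everything else, which is the layout Nate describes. The policy deliberately refuses everything it does not recognise rather than blocking a list of known-bad paths, so new endpoints added to Riak stay closed until someone consciously allows them.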