There's exposing and then there's exposing (like celebrity nip-slip versus leaked sex tape... yes, my mind went there). A DB like Postgres is fairly harmless to expose, since it has so much built-in security there's not much danger in it. Of course you still need to secure your server, but to offer accounts and databases to multiple users is fairly safe, since you can lock down a lot.

Even other KVs like Redis can be largely exposed; you can just route requests to a block of DBs per account and globally suppress some of the more destructive commands like FLUSHALL. MongoHQ makes a living offering exposed mongo instances to people. You need to monitor for over-utilization, sure, but support is robust.

Riak offers little in the way of multitenancy. I've hacked a solution in node.js to control per-account bucket access, but Kyle points out an interesting issue. The fact that one can execute arbitrary erlang poses another layer of security risk, and anyone who dreams of being a Riak host (à la MongoHQ) must deal with the issue.

Eric

On Oct 19, 2011, at 4:18 PM, Paul Fisher wrote:

> Generally I would never put any database open on the Internet... Is there
> something special about Riak that would cause people to change this rule of
> thumb?
>
> --
> paul
>
> On Oct 19, 2011, at 4:50 PM, "Aphyr" <ap...@aphyr.com> wrote:
>
>> With Eric Redmond's permission*, I am releasing a proof-of-concept
>> exploit which uses Riak's mapreduce API to execute arbitrary Erlang code
>> and obtain shell access.
>>
>> http://aphyr.com/journals/show/do-not-expose-riak-directly-to-the-internet
>>
>> Please stop doing this.
>>
>> --Kyle
>>
>> * Eric (http://crudcomic.com/post/11656603627/downside-of-crowdsourcing)
>> announced a publicly accessible Riak cluster today; with his
>> permission/supervision I used this exploit to gain shell access to his
>> server. He's taken down that cluster and encouraged me to release this
>> information.
>>
>> I love the idea of a public sandbox for Riak--but it should be wrapped
>> in a rate-limiting HTTP proxy that only allows certain URLs, object
>> sizes, and methods. And limits the number of keys. :)
>>
>> _______________________________________________
>> riak-users mailing list
>> riak-users@lists.basho.com
>> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
_______________________________________________
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
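Kyle's closing suggestion (a proxy that only allows certain URLs, methods and object sizes, limits the number of keys, and rate-limits) and Eric's per-account bucket access, combined into one added example of a request-policy filter for such a proxy. This is not code from the thread, from Basho or from either poster. The `/riak/<bucket>/<key>` path shape, the rule that a tenant's buckets are prefixed with its account name, the refusal of any query string, and all numeric limits are assumptions chosen for illustration; the point is that everything not explicitly allowlisted (mapreduce, bucket and key listing, bucket properties, oversized bodies) is denied.

```python
"""Allowlist policy for a sandbox proxy sitting in front of a Riak HTTP endpoint.

Added example, not code from the riak-users thread or from Basho. Path shapes,
tenant naming and limits are assumptions for illustration.
"""
import re
import time
from collections import defaultdict
from dataclasses import dataclass

# Only plain key/value verbs. POST is absent on purpose: mapreduce jobs are
# submitted with POST, so they never reach the backend.
ALLOWED_METHODS = frozenset({"GET", "PUT", "DELETE"})

# Assumed single-object path of Riak's HTTP interface: /riak/<bucket>/<key>.
# Two segments are required, so /riak/<bucket> (bucket properties) and bare
# /riak, /mapred, /stats etc. never match.
KEY_PATH = re.compile(r"^/riak/(?P<bucket>[\w-]{1,64})/(?P<key>[\w.-]{1,128})$")


@dataclass
class Request:
    account: str    # tenant identity the proxy attached, e.g. from an API token
    method: str
    target: str     # request-target exactly as received, query string included
    body_len: int   # Content-Length of the incoming body


class TokenBucket:
    """Per-account rate limiter: refills `rate` tokens/second up to `capacity`."""

    def __init__(self, rate, capacity, clock=time.monotonic):
        self.rate, self.capacity, self.clock = rate, capacity, clock
        self.tokens = float(capacity)
        self.last = clock()

    def allow(self):
        now = self.clock()
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True


class SandboxPolicy:
    """Decides per request; limits are constructed defaults, tune per deployment."""

    def __init__(self, max_body=64 * 1024, max_keys=1000, rate=5.0, burst=20,
                 clock=time.monotonic):
        self.max_body, self.max_keys = max_body, max_keys
        self.rate, self.burst, self.clock = rate, burst, clock
        self.limiters = {}                 # account -> TokenBucket
        self.keys = defaultdict(set)       # account -> {(bucket, key)} it has stored

    def _limiter(self, account):
        if account not in self.limiters:
            self.limiters[account] = TokenBucket(self.rate, self.burst, self.clock)
        return self.limiters[account]

    def decide(self, req):
        """Return (allowed, reason). Anything not explicitly allowlisted is denied."""
        if not self._limiter(req.account).allow():
            return False, "rate limited"
        if req.method not in ALLOWED_METHODS:
            return False, "method not allowed"
        if "?" in req.target:
            # Blocks ?keys=true / ?buckets=true listings and any tuning parameters.
            return False, "query strings not allowed"
        m = KEY_PATH.match(req.target)
        if not m:
            return False, "path not allowed"
        # Assumed tenant rule: an account may only touch buckets named "<account>-...".
        if not m["bucket"].startswith(req.account + "-"):
            return False, "bucket not owned by account"
        if req.body_len > self.max_body:
            return False, "object too large"
        ref = (m["bucket"], m["key"])
        owned = self.keys[req.account]
        if req.method == "PUT":
            if ref not in owned and len(owned) >= self.max_keys:
                return False, "key quota exceeded"
            owned.add(ref)
        elif req.method == "DELETE":
            owned.discard(ref)
        return True, "ok"


if __name__ == "__main__":
    policy = SandboxPolicy(max_keys=2)
    for r in (Request("alice", "GET", "/riak/alice-notes/k1", 0),
              Request("alice", "POST", "/mapred", 120),
              Request("alice", "GET", "/riak/alice-notes?keys=true", 0),
              Request("alice", "PUT", "/riak/bob-notes/k1", 10)):
        print(r.method, r.target, "->", policy.decide(r))
```

The key count is tracked in the proxy rather than asked of Riak, since listing keys is one of the operations the proxy refuses to forward; a real deployment would persist that table and reconcile it with the backend periodically.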