On Thu, Oct 20, 2011 at 11:27 AM, Aphyr <ap...@aphyr.com> wrote:

> I *do* know that multitenant mongo is vulnerable to trivial
> denial-of-service vulnerabilities, thanks to a global write lock and
> gleefully executing javascript everywhere. While we're talking DoS, it's
>

I think we can all agree it's a bad idea to put _any_ system on the
unfiltered 'Net unless you've taken a number of precautions to ensure your
system isn't variously DoS'd, hacked or otherwise subverted.

Riak is designed to be a low-latency, fault-tolerant datastore. It's
intended to be a foundational service on which you can build other systems. As
such, we (strongly) recommend you take steps to protect it and insulate it
from untrusted portions of your network. It goes without saying that
"untrusted" ~= 'Net at large. :)

> worth mentioning that if you can convince a sufficiently large riak
> cluster to list-keys, it *will* go down.*
>

As noted (copiously) in the past, doing a list-keys in a Dynamo style system
is very, very expensive. It's a part of the tradeoffs one is making for
improved latency and availability. That said, we have been working to
improve the impact that such an expensive operation has on the overall
system and agree whole-heartedly it shouldn't swamp the whole cluster if
possible. 1.0 is a lot better in this regard, but there's still work to be
done.

> The answer is not to ban mapreduce (or distributed code execution of any
> kind). The answer is to avoid running code from people in dark alleys on
> a system you care about.*** :)
>

Ultimately, this is a big game of tradeoffs. We're doing our best to make
Riak an unparalleled distributed datastore that you can build reliable
services on. We welcome any and all feedback on features we could add that
would tangibly improve it: http://features.basho.com/home

D.
-- 
Dave Smith
Director, Engineering
Basho Technologies, Inc.
diz...@basho.com