running naked : suggested firewall rules

2010-04-21 Thread richard bucker
everyone knows it's better to run behind a firewall; at least that's what the firewall vendors and lazy admins say; however there are use-cases when it's either not possible or practical... unless an app on the box opens some wildly popular port or something... so in the hopes that I've set my root

Re: running naked : suggested firewall rules

2010-04-21 Thread Alexander Sicular
Don't do it. Does your DMZ parse http? On 2010-04-21, richard bucker wrote: > everyone knows it's better to run behind a firewall; at least that's what > the firewall vendors and lazy admins say; however there are use-cases when > it's either not possible or practical... unless an app on the box

Re: running naked : suggested firewall rules

2010-04-21 Thread richard bucker
Point taken. If a riak server is insecure in the DMZ then it's also insecure in the enterprise. Generally speaking what is the best way to secure it? ie; encrypting messages, events, requests, responses and so on. (I happen to like IPSEC for this sort of thing but I'm not an expert) /r On Wed,

Re: running naked : suggested firewall rules

2010-04-21 Thread Justin Sheehy
On Wed, Apr 21, 2010 at 8:27 AM, richard bucker wrote: > If a riak server is insecure in the DMZ then it's also insecure in the > enterprise. I might be misunderstanding what you mean by this. I don't know of any enterprises that think it is a good idea to run their Oracle databases directly av

Re: running naked : suggested firewall rules

2010-04-21 Thread Alexander Sicular
Regardless of which network space risk lives in, I would control access to it via a firewall. Set it up so that only your application stack has access. I think there are some nginx scripts floating around the interweb. Would be nice if Basho compiled a resource in this area... @siculars on

Re: running naked : suggested firewall rules

2010-04-21 Thread Alexander Sicular
More specifically put your Riak assets on their own vlan and control access via a router/firewall. @siculars on twitter http://siculars.posterous.com Sent from my iPhone On Apr 21, 2010, at 8:27, richard bucker wrote: Point taken. If a riak server is insecure in the DMZ then it's also in

Re: running naked : suggested firewall rules

2010-04-21 Thread Ryan Tilder
You have two classes[1] of access control for Riak: - other Riak nodes in the ring - clients making use of the Riak ring For both access groups, the settings you want are in riak/etc/app.config. The config directives you care about for client access all end in "_ip" and "_port": web_ip, web_po

Help with protobuf (again)

2010-04-21 Thread Matthew Pflueger
I'm having a small issue setting the client id and getting the client id using the protobuf interface. I'm new to using protobufs so I'm probably doing something stupid. Below is my code, everything works up until the last assert. For some reason, the client ids retrieved from the message are gi

Re: Help with protobuf (again)

2010-04-21 Thread Jon Meredith
Hi Matthew, The client ids used for get/set client ids are supposed to be opaque - at the moment they're 32-bit integers but I didn't want to tie the interface to that. There were two use cases for the call - if you wanted to keep the same client id across reconnects you could call get client

Riak Recap for 4/18 - 4/20

2010-04-21 Thread Mark Phillips
Hey All - Hope everyone is having a good week. A few quick things for today's recap. Best, Mark Community Manager wiki.basho.com twitter.com/pharkmillups Riak Recap for 4/18 - 4/20 1) There is now an official Basho mirror on GitHub. You can check it out here: http://github.com/ba

Re: Riak Recap for 4/18 - 4/20

2010-04-21 Thread Mark Phillips
> 3) Already mentioned on the mailing list but worth mentioning again > --> We tagged a release candidate for the upcoming 0.10 release. You > can get the tarball for 0.10rc1 here if you want to spend a few days > on the bleeding edge (official 0.10 planned for end of the week) : > > http://downloa