On 05/28/2011 05:40 PM, Jonathan Langevin wrote:
Put a proxy in front, block that request url.
Thanks Jonathan. Yep, that would work, but it adds another otherwise
unnecessary component to my deployment, which I would like to keep as
simple as possible. That is why I was hoping there would be some easy
change that I could make to the app.config file.
__
Eamonn
- Jon Langevin -- sent from my Android phone
On May 28, 2011 8:26 PM, "Eamonn O'Brien-Strain" <[email protected]
<mailto:[email protected]>> wrote:
> Is it possible to configure Riak so that it is impossible to use the
> REST API to list all the keys in a bucket?
>
> I would like to use a "capability security" approach where all the keys
> are unguessable random strings, such that possession of a key gives a
> client authorization to fetch the data for that key, and a client who
> does not have the key cannot fetch the data.
>
> However, the ability to list all the keys in a bucket defeats that
> security model.
>
> Thanks,
> __
> Eamonn O'Brien-Strain
> HP Labs
>
> _______________________________________________
> riak-users mailing list
> [email protected] <mailto:[email protected]>
> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
_______________________________________________
riak-users mailing list
[email protected]
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
