Another great reason to insert a layer between your app and riak is that if you
should ever change your data storage strategy or support multiple strategies
(e.g. support the use of a strategy other than riak) it would minimize or
eliminate the need to change the client app.
- Keith
On May 27,
Don't trust any client that you put in the hands of someone else. i.e.
mobile client, client-side web app, etc. It would take anyone with a packet
sniffer 5 seconds to figure out you're using Riak and then they have the
Riak docs to step them through how to read/write arbitrary values from your
c
I would strongly advise you that mobile clients should not be trusted to
access your data directly. Because someone *will* reverse engineer them,
and *will* see what they can see. You really do need an API between your
mobile application and the mobile service.
I know you think you don't. You'r
"riak only available on localhost and nginx facing the outside world"... that sounds like something worth trying! thanks.even i still think it could be great to have some options to enable/disable those "?buckets=true" and "?keys=true"Rohman
On Fri, 27 May 2011 07:40:45 +0100, Russell Brown wrote:
On 27 May 2011, at 07:10, Antonio Rohman Fernandez wrote:
> "In our case, the only nodes that are allowed to hit the Riak cluster are
> those of our applications"... what if your app is more complex than that and
> you have thousands of servers all around the world ( different datacenters,
> d
On Thu, May 26, 2011 at 8:10 PM, Antonio Rohman Fernandez <
roh...@mahalostudio.com> wrote:
> what if apart from webservers with a web-app i want to build
> iPhone/iPad/Android apps that access Riak directly?
Unfortunately, Riak just isn't designed for that. You might be able to work
around it
"In our case, the only nodes that are allowed to hit the Riak cluster are those of our applications"... what if your app is more complex than that and you have thousands of servers all around the world ( different datacenters, different networks ) with crawlers, scanners, blackboxes, etc... all com
Hi Rohman,
It is not recommended that you deploy Riak on the public internet. Keep all
access private and then implement iptables on each individual node securing
access to upstream clients.
Ports to keep in mind -
http(s) port (8098)
protocol buffers port (8099)
epmd (4369)
forcing the range
Rohman,
In our case, the only nodes that are allowed to hit the Riak cluster are
those of our applications. We do not allow access to the Riak nodes from the
public Internet. Firewall rules are in place to prevent this in some cases,
and in others the Riak nodes themselves are on internal networks
hello all,
http://IP:8098/riak?buckets=true [ will show all
available buckets on Riak
]
http://IP:8098/riak/bucketname?keys=true&props=false [ will show all
available keys on a bucket ]
to me, this proves a very big security
risk, as if somebody discovers your Riak server's IP, is very easy to
10 matches
Mail list logo