Securing MogileFS
Brandon Ooi
brandon at hotornot.com
Wed Aug 24 23:13:53 PDT 2005
Hi,
I have a couple questions/comments regarding MogileFS security.
mogilefsd - It seems like mogilefsd was not built for clients to talk to
directly but rather, indirectly. Securing mogilefsd should not be a
problem.
mogstored - This one is a little bit trickier. We would like to have the
clients talk directly to the storage nodes (in order to reduce traffic
on the trackers). However, it seems like there are no ACLs on mogstored.
In fact it seems like a very slim webserver. This also means that
anybody can GET, PUT and DELETE any file if the storage node is
externally available. It would also be difficult to block this at the
firewall stage (would require inspection of the HTTP packet request).
One solution would be to shield the storage nodes with Squid caches and
let the caches serve up eveything. Out of curiosity, how have other
people approached this problem?
Brandon
More information about the mogilefs
mailing list