Securing MogileFS

Brandon Ooi brandon at
Wed Aug 24 23:13:53 PDT 2005


I have a couple questions/comments regarding MogileFS security.

mogilefsd - It seems like mogilefsd was not built for clients to talk to 
directly but rather, indirectly. Securing mogilefsd should not be a 

mogstored - This one is a little bit trickier. We would like to have the 
clients talk directly to the storage nodes (in order to reduce traffic 
on the trackers). However, it seems like there are no ACLs on mogstored. 
In fact it seems like a very slim webserver. This also means that 
anybody can GET, PUT and DELETE any file if the storage node is 
externally available. It would also be difficult to block this at the 
firewall stage (would require inspection of the HTTP packet request).

One solution would be to shield the storage nodes with Squid caches and 
let the caches serve up eveything. Out of curiosity, how have other 
people approached this problem?


More information about the mogilefs mailing list