
flush_all permissions

Mon, 11/29/2010 - 12:24
imo

Hello,

Being a new user I apologise if this has been asked before (I had a quick search for previous forum posts but didn't find mention) or if it is a stupid question.

From what I understand, flush_all essentially invalidates all items in the caches on all nodes of a cluster.  Is there a way to limit the use of flush_all?  Perhaps restrict usage of the command with a password?

I'm finding it slightly concerning that a webapp may be able to flush_all contents of the cache without restriction, so, I am assuming that I must be missing something? This seems like giving a webapp user access to the drop table commands on a traditional database?

Thanks,
John

Mon, 11/29/2010 - 15:46
bhawana@membase

You can restrict the commands to be run with a password by using buckets that are SASL enabled. The 'default' bucket uses no password.

Bhawana

__________________

Forum support is great for free but sometimes you need a guaranteed response time and dedicated resources for your questions or issues.
Consider purchasing enterprise-level support from Membase: http://www.membase.com/products-and-services/overview
Call or email "sales -at- membase -dot- com" today!

Tue, 11/30/2010 - 05:52
imo

Bhawana, thanks for the quick reply.

So, the client will need to know the password to issue any commands, i.e. if the client has the password it can issue any command?

Thanks,
John

Tue, 11/30/2010 - 10:46
bhawana@membase

John,

Yes, the client would need to know the password.

Here the client is your webserver talking to the Membase server. You are the owner of both the client and the Membase server. They would be behind a firewall.

Please let me know if you have more questions or concerns about this.

Thanks

Bhawana

Tue, 11/30/2010 - 13:38
jacoblundberg

I am curious about this as well.  Our developers need to be able to directly modify keys in the Membase server from time to time and they would prefer they be unable to accidentally or misguidedly erase all of the information.  We would like to be able to disable the flush command or to make it require a password that is different from the password used for general access.

Of course, in a memcached environment where there is no guarantee of persistence in the first place, this does not make sense.  However, once we start permanently (or very long term) persisting data with Membase it becomes more important.  Some of the data being stored takes a lot of computational time to re-compute.

Tue, 11/30/2010 - 15:48
imo

Thanks for your reply Bhawana.

I was looking at using membase for some long term storage, or, replace mysql/postgres completely with it.  My site data could be organised so that I didn't need to use joins or other complex sql queries.

For argument's sake, if I was converting a popular CMS to use membase as its primary data store instead of MySQL or other database... web clients access my Joomla setup through port 80/443 (through the firewall you mention).  Then, next thing I know, the CMS has another security exploit and malicious scripts automatically compromise the CMS, find membase server details from my site conf files and then flush_all's my data.

However, I guess there is not much stopping a 'DELETE FROM table' in the sql scenario (could be configured), but, generally wouldn't allow the web client to 'DROP TABLE'.

Anyhow, it would be great if flush-all could be protected from programmer error or compromise.

Thanks,
John

Tue, 11/30/2010 - 16:20
bhawana@membase

Membase supports SASL authentication. If you are using a client that doesn't support SASL authentication, you can run moxi client side which will then SASL auth on behalf of your client application to the server.

The client to membase is generally your code, not your end users. Other than needing to ensure you pass along the right commands to your client library, it should be pretty difficult to poison or misuse an installation.

Please let us know if you need any specifics on how to use SASL auth or how it works.

Thanks

Bhawana

Tue, 11/30/2010 - 16:23
bhawana@membase

Jacoblundberg,

Disabling the flush command is not something that Membase supports. You can try SASL authentication which will have one password to protect all commands.

Bhawana

Tue, 11/30/2010 - 17:44
jacoblundberg

Well...  As you can see that doesn't really address the question from my standpoint.  Think of a robust RDBMS; the DBA will typically have the ability to restrict most users from doing things like drop table based on which user they connect as.  Since Membase can't do this right now, perhaps you could think of it as a requested feature.  :)

Thu, 12/02/2010 - 16:29
bhawana@membase

I have opened a feature request in Jira to add password protection to flush_all:

http://jira.membase.org/browse/MB-3098
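
Since the thread establishes that SASL gives one password for all commands and that flush cannot be disabled server-side, the restriction the posters ask for would have to be enforced in front of the server. The following is an added example, not Membase code and not from any poster: it sketches the command check a hypothetical filtering proxy could apply to memcached-protocol traffic, and the names `filter_text_stream` and `is_blocked_binary` are assumptions made for illustration.

```python
import struct

BLOCKED = {b"flush_all"}                  # text-protocol commands to refuse
STORAGE = {b"set", b"add", b"replace", b"append", b"prepend", b"cas"}
BIN_REQUEST_MAGIC, BIN_HEADER_LEN = 0x80, 24
BIN_FLUSH_OPCODES = {0x08, 0x18}          # binary protocol Flush and FlushQ


def filter_text_stream(buf: bytes):
    """Split pipelined text-protocol requests into (allowed_bytes, blocked_lines).

    Data blocks of storage commands are skipped by their declared length, so a
    stored value that merely contains 'flush_all' is not mistaken for a command.
    """
    allowed, blocked, pos = bytearray(), [], 0
    while pos < len(buf):
        end = buf.find(b"\r\n", pos)
        if end == -1:
            break                         # incomplete line: a proxy would wait
        line = buf[pos:end]
        parts = line.split()
        cmd = parts[0].lower() if parts else b""
        nxt = end + 2
        if cmd in STORAGE and len(parts) >= 5 and parts[4].isdigit():
            nxt += int(parts[4]) + 2      # data block plus its trailing CRLF
        if cmd in BLOCKED:
            blocked.append(line)          # dropped, never forwarded upstream
        else:
            allowed += buf[pos:nxt]
        pos = nxt
    return bytes(allowed), blocked


def is_blocked_binary(packet: bytes) -> bool:
    """True if a binary-protocol request header carries a flush opcode."""
    if len(packet) < BIN_HEADER_LEN or packet[0] != BIN_REQUEST_MAGIC:
        return False
    return packet[1] in BIN_FLUSH_OPCODES


# Constructed sample traffic: a set whose 12-byte value embeds "flush_all",
# a get, then a real flush_all that must be stopped.
SAMPLE_TEXT = b"set note 0 0 12\r\nx\r\nflush_all\r\n" b"get note\r\n" b"flush_all 0\r\n"
# Constructed 24-byte binary headers: one Flush (0x08), one Get (0x00).
SAMPLE_BIN_FLUSH = struct.pack(">BBHBBHIIQ", 0x80, 0x08, 0, 0, 0, 0, 0, 0, 0)
SAMPLE_BIN_GET = struct.pack(">BBHBBHIIQ", 0x80, 0x00, 0, 0, 0, 0, 0, 0, 0)

if __name__ == "__main__":
    print(filter_text_stream(SAMPLE_TEXT))
    print(is_blocked_binary(SAMPLE_BIN_FLUSH), is_blocked_binary(SAMPLE_BIN_GET))
```

Such a filter only helps if clients cannot reach the server port directly, so the server would have to accept connections from the proxy host alone.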

 

 
