nova team mailing list archive

Thread
Date

Re: ORM Refactor

To: nova@xxxxxxxxxxxxxxxxxxx
From: Soren Hansen <soren@xxxxxxxxxx>
Date: Fri, 10 Sep 2010 21:45:24 +0200
In-reply-to: <1B692A09-D068-46C8-9012-3EFAF09238E4@me.com>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100903 Thunderbird/3.1.3

On 10-09-2010 19:55, Devin Carlen wrote:
> I think someone covered this but our main rationale behind moving
> from redis is that it doesn't have sufficient security for our needs.
> If a machine were to be compromised, redis is essentially just wide
> open.

I agree with this concern.

Let's not forget that we're building a platform that's meant to be able
to run virtual machines by complete strangers. Strangers of which at
least some percentage can be expected to be malicious. Even a small
network misconfiguration could not only reveal all of our data store to
an attacker, but he could alter it or even delete it all with a single
API call.

Redis is neat and I'm sure it's excellent for many use cases, but I'm
not convinced ours is one of them. Yet, at least.

-- 
Soren Hansen
Ubuntu Developer    http://www.ubuntu.com/
OpenStack Developer http://www.openstack.org/

References

ORM Refactor
From: Vishvananda Ishaya, 2010-09-01
Re: ORM Refactor
From: Jay Pipes, 2010-09-10
Re: ORM Refactor
From: Vishvananda Ishaya, 2010-09-10
Re: ORM Refactor
From: Rick Clark, 2010-09-10
Re: ORM Refactor
From: Vishvananda Ishaya, 2010-09-10
Re: ORM Refactor
From: Jay Pipes, 2010-09-10
Re: ORM Refactor
From: Devin Carlen, 2010-09-10