Towards a More Secure Nun-db: Our Latest Security Enhancements
The initial focus on Nun-db was to be fast and easy to use, then we moved to make it infinitely scalable and to deal with data conflicts as a first-class citizen, bringing even a few offline capabilities. Now it is time to think a bit about Security; up to this point, it has not been the focus. Security will probably drive the next six months of updates to Nun-db core, and the goal is to make it more suitable for production apps out of my control. While I will be writing examples of how to use Nun-db, my goal is to secure the database.
Latest Security Enhancements
Lately, I have implemented the concept of “Secure keys,” which means that any key prefixed by “\(" can only be set if the client is authenticated as the cluster admin. This has been a hidden feature for a long time; for example, the token for the database is stored as a key called "\)token,” and for obvious reasons, that key cannot and should not be read from any client without admin access, nor should it be sent to clients listing keys.
But now, after merging PR#83, all keys prefixed by “$$” can only be modified, listed, acquired, or watched by clients authenticated as cluster admins.
What does cluster admins mean?
Cluster admin refers to a client that authenticates with the cluster credentials using the command
auth $USER $PWD. If that command is successful in that session, all subsequent commands will execute as a cluster admin, similar to a
sudo su in Linux.
Existent Security keys
By default, only the
$$token is protected, but over time, more and more implementations will use it to store metadata about Nun-db. All data about Nun-db is stored as Nun-db values; given its simplicity, we can abstract it to enable any of that.
What is next in Security?
- We will be implementing multiple users in a single database. Today, a database can only have one credential.
- Fine-grated permission control key level. Who can do what in what key?
- What else?
- Real-time Medical Image Collaboration POC Made Easy with OHIF and Nun-db
- How to create users with different permission levels in Nun-db
- Match vs Hashmap! Which one is faster in rust?
- Towards a More Secure Nun-db: Our Latest Security Enhancements
- Building a Trello-like React/Redux App with Nun-DB with offline and conflict resolution features
- Introduction to managing conflicts in Nun-DB
- Keepin up with Nun-db 2023
- The new storage engine of Nun-db
- Stop procrastinating and just fix your flaky tests, it may be catching nasty bugs
- An approach to hunt and fix non-reproducible bugs - Case study - Fixing a race conditions in Nun-db replication algorithm in rust
- Nun-db the debug command
- Keeping up with Nun-db 2021
- Writing a prometheus exporter in rust from idea to grafana chart
- Integration tests in rust a multi-process test example
- Leader election in rust the journey towards implementing nun-db leader election
- How to make redux TodoMVC example a real-time multiuser app with nun-db in 10 steps
- A fast-to-sync/search and space-optimized replication algorithm written in rust, The Nun-db data replication model
- NunDb How to backup one or all databases
- How to create your simple version of google analytics real-time using Nun-db
- Migrating a chat bot feature from Firebase to Nun-db
- Keepin' up with Nun-DB
- Going live with Nun-DB