DylanSp / miscd

A distributed, sharded key-value store for learning how to build distributed systems.
MIT License

Lock down Raft routes to intra-cluster messaging only #3

Open DylanSp opened 3 years ago

DylanSp commented 3 years ago

Right now, the routes for Raft RPCs are planned to be publicly exposed, which is an obvious safety/security flaw. They should be locked down to only allow communication from other nodes in the cluster.

Note: this should only affect the endpoints for the RequestVote and AppendEntries RPCs. Information-only status endpoints should be publicly exposed.

DylanSp commented 3 years ago

I'm thinking that the authentication will be done with a shared secret that deployers are responsible for provisioning; Raft RPCs will include it as an HTTP header, which has to match what a node has saved to accept Raft RPCs.
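
The shared-secret header check described in the comment above, as an added sketch that is not part of the issue thread or miscd's code. It is written in Go for illustration; the header name, route paths, stub handlers and the `probe` helper are assumptions, since the issue does not specify them.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

const secretHeader = "X-Raft-Cluster-Secret" // assumed name; the issue does not give one

// requireClusterSecret gates a Raft RPC handler behind the shared secret.
func requireClusterSecret(secret string, next http.Handler) http.Handler {
	want := sha256.Sum256([]byte(secret))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if secret == "" { // fail closed: an unprovisioned node accepts no Raft RPCs
			http.Error(w, "cluster secret not provisioned", http.StatusServiceUnavailable)
			return
		}
		// Compare fixed-length digests so the check does not leak the secret's length.
		got := sha256.Sum256([]byte(r.Header.Get(secretHeader)))
		if subtle.ConstantTimeCompare(got[:], want[:]) != 1 {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newNodeMux protects only the two Raft RPC routes; /status stays public.
func newNodeMux(secret string, raftRPC, status http.Handler) *http.ServeMux {
	mux := http.NewServeMux()
	mux.Handle("/raft/request-vote", requireClusterSecret(secret, raftRPC))
	mux.Handle("/raft/append-entries", requireClusterSecret(secret, raftRPC))
	mux.Handle("/status", status)
	return mux
}

// probe sends one request to a node whose stub handlers answer 200 and
// returns the resulting status code. secret is the node's; sent is the caller's.
func probe(secret, path, sent string) int {
	stub := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(http.MethodPost, path, nil)
	req.Header.Set(secretHeader, sent)
	rec := httptest.NewRecorder()
	newNodeMux(secret, stub, stub).ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(probe("constructed-secret", "/raft/append-entries", ""), probe("constructed-secret", "/status", "")) }
```

A header secret travels in cleartext over plain HTTP, so this check only holds up if node-to-node traffic also runs over TLS or a private network.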

DylanSp commented 3 years ago

An alternative would be to move the Raft RPCs into a separate communication channel, such as using ZeroMQ; see https://github.com/zeromq/netmq.