Comments (8)
Specifically https://github.com/rqlite/rqlite/blob/master/DOC/SECURITY.md
But this is a feature of rqlite, not Raft itself.
from thesecretlivesofdata.
I can answer 2. Raft assumes behaving nodes -- it is not designed to deal with a node that is deliberately trying to circumvent the system.
from thesecretlivesofdata.
And if a node tries to circumvent the system that is considered a bug in the implementation, not an "attacker".
from thesecretlivesofdata.
@otoolep thanks for the quick reply. Isn't assuming that all nodes are honest a bit naive ? If the project is open source, one could re-engineer a tainted version that could connect itself to the network. Even if not open source, reverse engineering exists. And if all nodes are guaranteed to be well-behaving, there's still the risk of having a man-in-the-middle usurper modifying for example Append entries messages (probably harder if messages are properly encrypted though).
Then, are there guidelines / recommendations on how to safely implement this consensus ?
Guess I'll have to find some time and dig in some implementations.
from thesecretlivesofdata.
It's not naive. Like any system you are responsible for running a secure deployment and network, and only standing up nodes with software you trust. If your network is so open that nodes you can't control can just connect, you may have bigger issues.
However many actual usages of Raft consensus protocol -- my own rqlite system for example -- do allow you to enable security checks, requiring nodes that wish to join to supply the right password. That way you only supply the password to the nodes you trust. The easiest way to do this is to only supply the password to nodes you launch.
from thesecretlivesofdata.
I see. Thanks for the support, closing this issue !
from thesecretlivesofdata.
For example, if you know the IP addresses of which nodes are running your Raft system, you might be able to configure your network such that only those nodes can talk to each other, for the purposes of joining. This would prevent any other node from connecting.
This is an example of what I mean by a "secure deployment and network". AWS EC2 Security Groups, for one, allow you to do this. (https://github.com/rqlite/rqlite/blob/master/DOC/SECURITY.md#network-security)
from thesecretlivesofdata.
yeah... it's a bit different for blockchain systems (no control over the network), where whitelisting IP addresses would be a terrible idea. I suppose I was too focused on this example :)
from thesecretlivesofdata.
Related Issues (20)
- What is "majority"? HOT 3
- We need Paxos! HOT 1
- Can we restart this project, I want to join this HOT 2
- paxos begging
- Proof Of Work in Ethereum Blockchain
- It's very wonderful HOT 1
- Great iniciative - PBFT woulb be great
- 我觉得可以继续搞下去,支持作者 HOT 4
- GGG
- Gossip Protocol
- DO IT NOW!!!!
- May I use your visualization to teach students about raft consensus algorithms? HOT 1
- Automatic Differentiation/Backpropagation
- I waiting for six years, when are you going to update the kafka parts HOT 6
- still, I am waiting for more
- Consistency
- really amazing,keep going pls
- visualization request: Nakamoto Consensus Algorithm
- WOW! So good
- Randomised election timeouts
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from thesecretlivesofdata.