3

I'm looking for advise on the 'right way' to authenticate interconnecting node.js applications. The use case is general: to share work tasks, sync data or for a control/monitoring channel. Databases have authentication, but what about the applications themselves?

What's the risk of intruders (from outside or on the network) to abuse your internal connections? Does it happen?

I find lot of cluster cooperation modules ranging from using raw sockets to like zeromq, but the examples never really mention the security aspect and just connect to some ip/port. But what do you do to make sure the new worker that's joining the workforce is not hostile? How does a worker know it's not being used for nefarious purposes?

I assume the network in a cloud hosting is less hostile then open internet (IS it???), but still, what kinds of things do you do? I'd say internal https all-the-way is too much, but what do you do to match identities? Do you put some certificate on each node? What kind of? Then how do you check it? When do you put it on?

If my database can do with a simple id/pass (plain text or what?) then should my application cluster too? If so, how do you secure and manage the id info?

A basic solution could be to ssh some custom tokens to each node and check in application with some hashing scheme for each connecting node but I have no idea of good industry practice so what do you think?

casperOne
  • 73,706
  • 19
  • 184
  • 253
Bartvds
  • 3,340
  • 5
  • 30
  • 42

1 Answers1

0

If you are using solutions like ZeroMQ or Redis, make sure you set a password for them.

What your processes do is entirely your responsibility. You should make sure your application doesn't have any design flaws, so only you (from the server side) or authenticated users can send messages through the "pipeline" (for example if you are designing a chat make sure that only authenticated/registered users can send messages).

If you want extra security on your local network, you could use iptables.

alessioalex
  • 62,577
  • 16
  • 155
  • 122
  • Those design flaws, can you expand on what they could be? Like whats the next essential step after opening a socket and have my workers connect to and get work? What sort of wellhead do I put on the pipelines? – Bartvds Dec 12 '11 at 11:47
  • I'm talking more about before that you should check exactly who can send messages and who not. For example you have a chat server and only those connected can send messages (to the server and then server broadcasts to all), make sure that the user is auth (check the session). In situations like that, when you have specific roles you must perform additional checks (to see if the client has the rights). – alessioalex Dec 12 '11 at 11:57
  • The roles are a good one, but how do I know my image-thumnailing-queue-worker is auth? I have a registration module for users, my database has id/pass but what do you do with cluster nodes and suchlike? Specifically if they're node.js driven too? – Bartvds Dec 14 '11 at 11:23
  • Since they connect to Redis / ZeroMQ they'll have to provide the database password (if not they can't connect to it). – alessioalex Dec 14 '11 at 11:25