aboutsummaryrefslogtreecommitdiff
path: root/note/security.txt
diff options
context:
space:
mode:
Diffstat (limited to 'note/security.txt')
-rw-r--r--note/security.txt36
1 files changed, 36 insertions, 0 deletions
diff --git a/note/security.txt b/note/security.txt
new file mode 100644
index 000000000..04030a574
--- /dev/null
+++ b/note/security.txt
@@ -0,0 +1,36 @@
+Design for Seaweed-FS security
+
+Design Objectives
+ Security can mean many different things. The original vision is that: if you have one machine lying around
+ somewhere with some disk space, it should be able to join your file system to contribute some disk space and
+ network bandwidth.
+
+ To achieve this purpose, the security should be able to:
+ 1. Secure the inter-server communication. Only real cluster servers can join and communicate.
+ 2. allow clients to securely write to volume servers
+
+Non Objective
+ Multi-tenant support. Avoid filers or clients cross-updating files.
+ User specific access control.
+
+Design Architect
+ master, and volume servers all talk securely via 2-way SSL for admin.
+ upon joining, master gives its secret key to volume servers.
+ filer or clients talk to master to get secret key, and use the key to generate JWT to write on volume server.
+ A side benefit:
+ a time limited read feature?
+ 4. volume server needs to expose https ports
+
+HTTP Connections
+ clear http
+ filer~>master, need to get a JWT from master
+ filer~>volume
+ 2-way https
+ master~ssl~>volume
+ volume~ssl~>master
+
+file uploading:
+ when volume server starts, it asks master for the secret key to decode JWT
+ when filer/clients wants to upload, master generate a JWT
+ filer~>volume(public port)
+ master~>volume(public port)
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-20 23:34:29 +0000