beanstalkd over the public net?


Rob Sanheim

Oct 23, 2008, 11:36:47 AM
to beansta...@googlegroups.com
What sort of security measures could be put in place to use beanstalk
over the net, when machines are not localized and cannot be in the
same private network? Or is this just a bad idea altogether? The one
thing that came to mind is using a VPN solution, which seems like too
much of a pain.

The use case we are thinking of is having some dedicated boxes
somewhere, which communicate to a cluster of machines at EC2 over
beanstalk...

thanks,
- Rob

Dan Mayer

Oct 23, 2008, 12:04:14 PM
to beansta...@googlegroups.com
You could use ssh tunneling

http://revsys.com/writings/quicktips/ssh-tunnel.html
http://en.wikipedia.org/wiki/Tunneling_protocol

Another option would be to allow the data to go over regular public ports but actually encrypt the data before sticking it into the beanstalk queue, and then have workers immediately unencrypt it.

Our beanstalk server and workers are all on EC2 so we just have AWS firewall everything and have them set in a separate security group. It is an interesting question of how best to deal with securely sending the data, so share whatever solution you end up using.

peace,
Dan
--
Dan Mayer
Co-founder, Devver
(http://devver.net)
follow us on twitter: http://twitter.com/devver
My Blog (http://mayerdan.com)
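
The second option in the post above (encrypt before the put, decrypt right after the reserve), written in Go with AES-256-GCM from the standard library; this is an added example, not code from anyone in the thread. The names `SealJob` and `OpenJob`, the tube name and the sample key are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// SealJob (producer side) returns nonce || ciphertext || tag for a job body.
// The tube name is bound as associated data, so a job replayed into another tube is rejected.
func SealJob(key []byte, tube string, body []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per job
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, body, []byte(tube)), nil
}

// OpenJob (worker side) fails for anything not sealed with this key for this tube.
func OpenJob(key []byte, tube string, sealed []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize()+aead.Overhead() {
		return nil, fmt.Errorf("job of %d bytes is too short to be sealed", len(sealed))
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, []byte(tube))
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	key := []byte("constructed-sample-key-32-bytes!") // constructed; never hard-code a real key
	sealed, _ := SealJob(key, "emails", []byte(`{"to":"user@example.com"}`))
	body, err := OpenJob(key, "emails", sealed)
	fmt.Printf("%d sealed bytes -> %s (err=%v)\n", len(sealed), body, err)
}
```

This protects job contents only: beanstalkd has no authentication of its own, so a port reachable from the public net still lets anyone put, reserve or delete jobs. The firewall or tunnel in front of the port is still needed.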

jmj

Oct 23, 2008, 1:38:04 PM
to beanstalk-talk

This is the exact option we're going with. It has a couple of
benefits.

1) Encrypted. I think the advantage here is a bit obvious.
2) Authentication: Using preshared keys or public key encryption
(we'll be using pubkey), you can actually verify the other endpoint,
and even attach authorization to that.

In other words, encryption gives you simple mechanisms to implement
two of the three A's (Authentication; Authorization; Accounting).


On Oct 23, 11:04 am, "Dan Mayer" <danma...@gmail.com> wrote:
> You could use ssh tunneling
>
> http://revsys.com/writings/quicktips/ssh-tunnel.html
> http://en.wikipedia.org/wiki/Tunneling_protocol