In terms of MongoDB terminology, what are "Bound Service" and "Service" in the AppFog MongoDB service?
Is Bound Service the db name? Or is it the collection name?
A service means a running instance of a piece of software (e.g. MongoDB). It's there and is running, but not related to any client process. You have no idea what endpoint or credentials it needs, as your PaaS provider manages it.
Bound service means exposing the service's endpoint to your app, with appropriate credentials. For example:
if (process.env.VCAP_SERVICES) {
    var env = JSON.parse(process.env.VCAP_SERVICES);
    var mongo = env['mongodb-1.8'][0]['credentials'];
}
Here the app process's environment variable VCAP_SERVICES holds the connection data of those services which have been bound to this app's process. The connection data is auto-configured for you by the PaaS provider; here the mongo object has it already, so you need not remember the URL, port, username, password etc. for that service.
So, a service bound to your App has its connection data readily available to you, through the environment variable.
Refer to Appfog's docs on services here.
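The lookup described in this answer, as an added example that is not part of the original post: it finds the bound MongoDB service without hard-coding the version suffix, copes with the unbound case, and keeps the password out of logs. The sample VCAP_SERVICES value and the credential field names (hostname, port, username, password, db) are constructed assumptions; check them against what your provider actually injects.

```javascript
// Constructed sample of a VCAP_SERVICES value (all values are made up).
const SAMPLE_VCAP = JSON.stringify({
  'mongodb-1.8': [{
    name: 'orders-db',
    label: 'mongodb-1.8',
    credentials: { hostname: '10.0.0.5', port: 25001, username: 'app user',
                   password: 'p@ss/word', db: 'db' }
  }]
});

// Return the credentials of the first bound service whose type key starts
// with `prefix`, so the lookup survives a change of version suffix.
function boundCredentials(vcapJson, prefix) {
  if (!vcapJson) return null;                    // not running on the PaaS
  let services;
  try { services = JSON.parse(vcapJson); } catch (e) { return null; }
  if (!services || typeof services !== 'object') return null;
  for (const key of Object.keys(services)) {
    const instances = services[key];
    if (key.startsWith(prefix) && Array.isArray(instances) && instances.length > 0) {
      return instances[0].credentials || null;
    }
  }
  return null;                                   // service exists but is not bound
}

// Build a connection URL; user and password are percent-encoded because
// generated passwords often contain '@', '/' or ':'.
function mongoUrl(c) {
  const auth = c.username
    ? `${encodeURIComponent(c.username)}:${encodeURIComponent(c.password)}@` : '';
  return `mongodb://${auth}${c.hostname}:${c.port}/${c.db}`;
}

// Same URL with the password masked, safe to write to logs.
function redactedUrl(c) {
  return mongoUrl({ ...c, password: '***' });
}

const creds = boundCredentials(process.env.VCAP_SERVICES || SAMPLE_VCAP, 'mongodb');
if (creds) console.log('connecting to', redactedUrl(creds));
```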
Using node-red Worldmap node to display data on a map. This instance of node-red is hosted in IBM Bluemix - any ideas on how I can restrict who can see the map?
That node itself doesn't have the functionality but node-red itself has a handy way of securing endpoints that are exposed by your nodes.
From the node-red documentation:
HTTP Node security
The routes exposed by the HTTP In nodes can be secured using basic authentication.
The httpNodeAuth property in your settings.js file can be used to define a single username and password that will be allowed to access the routes.
httpNodeAuth: {user:"user",pass:"$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."},
The pass property uses the same format as adminAuth. See Generating the password hash for more information.
Access to any static content defined by the httpStatic property can be secured using the httpStaticAuth property, which uses the same format.
There's a chance the above only affects the official HTTP nodes and not HTTP endpoints exposed by 3rd party nodes. If that's the case then you'll need to implement your own authentication on the route.
There's a good example of how to get started on this using the express router here:
NodeJS + Express: How to secure a URL
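For the "implement your own authentication on the route" case, an added example that is not part of the original answer or of Node-RED: an Express-style `(req, res, next)` Basic auth middleware using only Node's standard library. It stores a salted scrypt hash in a "salt:hash" hex format that is this example's own assumption (it is not the bcrypt format httpNodeAuth expects), and the user name, password and realm are constructed.

```javascript
const crypto = require('node:crypto');

// Derive a salted scrypt hash; store "salt:hash" (hex), never the plain password.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return salt.toString('hex') + ':' + hash.toString('hex');
}

// Recompute the hash with the stored salt and compare in constant time.
function verifyPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// Returns middleware with the (req, res, next) signature Express routers use.
function basicAuth(user, storedHash, realm = 'map') {
  return function (req, res, next) {
    const header = req.headers.authorization || '';
    const match = /^Basic ([A-Za-z0-9+\/=]+)$/i.exec(header);
    let ok = false;
    if (match) {
      const decoded = Buffer.from(match[1], 'base64').toString('utf8');
      const sep = decoded.indexOf(':');   // split on the first ':' only
      if (sep !== -1) {
        // Always run the hash check so timing does not reveal a valid user name.
        const passOk = verifyPassword(decoded.slice(sep + 1), storedHash);
        ok = passOk && decoded.slice(0, sep) === user;
      }
    }
    if (ok) return next();
    res.statusCode = 401;
    res.setHeader('WWW-Authenticate', `Basic realm="${realm}"`);
    res.end('Authentication required');
  };
}
```

Basic auth sends the password with every request, so serve the protected route over HTTPS only.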
I am creating a webapp for data analysis. I want to use Redis to store the data that the user has uploaded so that I can send it to other pages/views. This data is only valid during the session and should expire when the session expires.
Is this a violation of REST principles? Or is this only a problem if I use some value that I have stored server side as session key/identifier?
With your updates, what you can do is upload the data, generate a key against it, place it in Redis and keep it in a hash (with metadata) or a list (if there could be more than one upload). The list/hash key could be identified by the user id.
Then moving forward, let the client refer to this object using the generated id.
Actually, one of the best practices for using Redis over the internet is to expose a REST API and handle all communication using your web server. Redis is always kept in a secure network since Redis doesn't provide any security.
On Redis website
Network security
Access to the Redis port should be denied to everybody but trusted
clients in the network, so the servers running Redis should be
directly accessible only by the computers implementing the application
using Redis.
In the common case of a single computer directly exposed to the
internet, such as a virtualized Linux instance (Linode, EC2, ...), the
Redis port should be firewalled to prevent access from the outside.
Clients will still be able to access Redis using the loopback
interface.
This is also a basic practice when using traditional databases.
Cross-posting as advised from DeveloperWorks: https://developer.ibm.com/answers/questions/212469/can-an-application-hosted-outside-bluemix-access-s.html
I am exploring a scenario wherein I have an existing Java application hosted on-premises outside BlueMix. I want to make it horizontally scalable. As part of this change I would like to know if I can provision a BlueMix Session Cache service to store the application's session state externally. The application will continue to be hosted outside BlueMix but use BlueMix Session Cache for session state management.
It is not possible at the moment.
Although a person can set up a Liberty runtime with the right connection information copied from VCAP and runtime variables, and use it to host a web application that uses the session cache client, this machine is outside Bluemix and won't be trusted by the network. As a result, it won't be able to connect to the session cache within Bluemix.
I saw the following document.
https://www.ng.bluemix.net/docs/services/SecureGateway/index.html#sg_overview
In the summary near the end, it says "Provision the service and bind it to your app". But do I really need to bind the secure gateway service to my app? I could access the secure gateway's destination without binding the service.
I found the same when testing with DB2 and could access the gateway without binding, too.
Binding a service to an app is for the metadata and simplifies administration and deployment. If you delete an app, the related services will also be removed. If you try to delete a service bound to an app, there should be a warning. So what is in the documentation makes sense (at least this time...).
You are correct. Since the Secure Gateway service does not actually use VCAP services there are no advantages to binding your application to the service instance.
I get that it won't be possible to bind the service and therefore not use the VCAP_SERVICES, and credentials would need to be managed in another way.
Since the communication would go via the internet, I guess the question is really:
Does the SSO service have an API that can be reached from outside of Bluemix?
Yes the SSO service can be reached from outside Bluemix and therefore also from apps deployed on UK.
However, to retrieve the credentials you need to create an SSO service on US and then bind an app to it and inspect the VCAP_SERVICES. This is due to how Cloud Foundry works. Read more here