
Serverless Applications with Node.js: when not to use Serverless and security

 
Ranch Hand
There are certain scenarios where serverless may not fit well.
For example, AWS Lambda is stateless and allows execution for a maximum of 5 minutes. Serverless can also be expensive if you have a very uniform, predictable load.

Also, security becomes an issue when we do a paradigm shift to this new model. What's your opinion about the points to be taken care of before going serverless, and when not to go serverless?
 
Saloon Keeper

Also, security becomes an issue when we do a paradigm shift to this new model.


What do you mean? In what paradigm wouldn't security be an issue? How would it be a different issue for serverless computing?
 
Author
Hey,

Good question.

First, a few months ago, AWS extended the maximum execution time to 15 minutes for AWS Lambda. Also, AWS Lambda is not really stateless; it's more share-nothing, as you can store some data in the /tmp folder for subsequent invocations, and it may or may not be there, depending on whether you are getting the same container/micro VM or not.

For security, I would say that serverless is more secure than what we had before. Let's talk about serverless functions, as something that holds and runs your code:
  • Your average function runs in less than 300ms, then it's gone. It's really hard to hack something that is available for less than a second periodically.
  • Your functions can and should have fine-grained permissions that make them more secure than ever. For example, our function can read just specific data from a specific table from the database, or save a file in a specific subpath of a specific S3 bucket.
  • Your function can be triggered by a specific event from the AWS platform only. For example, if it's triggered by an Amazon SNS topic message, it can't be invoked by an API request (unless you are using the AWS API with your admin credentials, and if you exposed that, someone is probably already mining bitcoins with your account and the security of your function is not your main concern at that moment).
  • A Lambda function is read-only, except /tmp, which is temporary. No one can change your code from the function itself.


I can go on, as the list is really long, but I hope this is enough to illustrate the point and answer your question.

Cheers,
Slobodan
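
The fine-grained permissions mentioned in the answer above, shown as an added example that is not part of the original post: a Lambda execution-role policy scoped to one table and one S3 prefix, next to an over-broad one, with a small check that flags the difference. The account ID, region, table name, bucket name and the `findBroadGrants` helper are constructed placeholders.

```javascript
// Constructed sample policies; account ID, table and bucket names are placeholders.
const scopedPolicy = {
  Version: "2012-10-17",
  Statement: [
    { // read from one table only
      Effect: "Allow",
      Action: ["dynamodb:GetItem", "dynamodb:Query"],
      Resource: "arn:aws:dynamodb:us-east-1:123456789012:table/Orders",
    },
    { // write under one prefix of one bucket only
      Effect: "Allow",
      Action: "s3:PutObject",
      Resource: "arn:aws:s3:::example-reports/invoices/*",
    },
  ],
};

const broadPolicy = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Action: "dynamodb:*", Resource: "*" },
    { Effect: "Allow", Action: ["s3:PutObject"], Resource: "arn:aws:s3:::example-reports/*" },
  ],
};

const asList = (v) => (Array.isArray(v) ? v : [v]);

// Returns one finding string per overly broad grant in an Allow statement.
function findBroadGrants(policy) {
  const findings = [];
  asList(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== "Allow") return;
    for (const action of asList(stmt.Action)) {
      if (action === "*" || action.endsWith(":*")) {
        findings.push(`statement ${i}: wildcard action ${action}`);
      }
    }
    for (const res of asList(stmt.Resource)) {
      if (res === "*") {
        findings.push(`statement ${i}: resource * (any resource)`);
      } else if (/^arn:aws:s3:::[^/]+\/\*$/.test(res)) { // no key prefix
        findings.push(`statement ${i}: whole bucket ${res}`);
      }
    }
  });
  return findings;
}

console.log(findBroadGrants(scopedPolicy), findBroadGrants(broadPolicy));
```

The check looks only at `Action` and `Resource`; `NotAction`, `NotResource` and `Condition` elements are not evaluated.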
     