Serverless Applications with Node.js: when not to use Serverless and security

 
Ranch Hand
There are certain scenarios where serverless may not fit well.
For example, AWS Lambda is stateless and allows execution of a maximum of 5 minutes. Serverless can also be expensive if you have a very uniform, predictable load.

Also, security becomes an issue when we make a paradigm shift to this new model. What's your opinion about the points to be taken care of before going serverless, and when not to go serverless?
 
Saloon Keeper

"Also, security becomes an issue when we make a paradigm shift to this new model."


What do you mean? In what paradigm wouldn't security be an issue? How would it be a different issue for serverless computing?
 
Author
Hey,

Good question.

First, a few months ago, AWS extended the maximum execution time to 15 minutes for AWS Lambda. Also, AWS Lambda is not really stateless, it's more share-nothing, as you can store some data in the /tmp folder for subsequent invocations, and they may or may not be there, depending on whether you are getting the same container/micro VM or not.

For security, I would say that serverless is more secure than what we had before. Let's talk about serverless functions, as something that holds and runs your code:
  • Your average function runs in less than 300ms, then it's gone. It's really hard to hack something that is available for less than a second periodically.
  • Your functions can and should have fine-grained permissions, which make them more secure than ever. For example, our function can read just specific data from a specific table in the database, or save a file in a specific subpath of a specific S3 bucket.
  • Your function can be triggered by a specific event from the AWS platform only. For example, if it's triggered by an Amazon SNS topic message, it can't be invoked by an API request (unless you are using the AWS API with your admin credentials, and if you exposed that, someone is probably already mining bitcoins with your account and the security of your function is not your main concern at that moment).
  • A Lambda function is read-only, except /tmp, which is temporary. No one can change your code from the function itself.

I can go on, as the list is really long, but I hope this is enough to illustrate the point and answer your question.

Cheers,
Slobodan
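
Added example, not part of the original thread or the author's code: a small Node.js check that flags over-broad statements in a Lambda execution-role policy, illustrating the fine-grained permissions point in the reply above. The function name `auditPolicy`, the account id, table and bucket names, and both sample policies are constructed for illustration.

```javascript
// Added example: audit a Lambda execution-role policy for over-broad grants.
// Account id, table, bucket and both policies are constructed samples.
const toArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function auditPolicy(policy) {
  const findings = [];
  toArray(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== 'Allow') return; // Deny statements only narrow access
    const id = stmt.Sid || `statement[${i}]`;
    if (stmt.NotAction || stmt.NotResource) {
      findings.push(`${id}: Allow with NotAction/NotResource matches everything not listed`);
    }
    for (const action of toArray(stmt.Action)) {
      if (action === '*' || action.endsWith(':*')) {
        findings.push(`${id}: wildcard action ${action}`);
      }
    }
    for (const resource of toArray(stmt.Resource)) {
      if (resource === '*') {
        findings.push(`${id}: applies to every resource`);
      } else if (/^arn:aws:dynamodb:[^:]*:[^:]*:table\/\*$/.test(resource)) {
        findings.push(`${id}: every table, not one specific table`);
      } else if (/^arn:aws:s3:::[^/]+\/\*$/.test(resource)) {
        findings.push(`${id}: whole bucket, not a sub-path (${resource})`);
      }
    }
  });
  return findings;
}

// Broad role: any DynamoDB or S3 operation on anything in the account.
const broadPolicy = {
  Version: '2012-10-17',
  Statement: [{ Sid: 'Everything', Effect: 'Allow', Action: ['dynamodb:*', 's3:*'], Resource: '*' }],
};

// Scoped role matching the post: read one table, write under one S3 prefix.
const scopedPolicy = {
  Version: '2012-10-17',
  Statement: [
    { Sid: 'ReadOrders', Effect: 'Allow', Action: ['dynamodb:GetItem', 'dynamodb:Query'],
      Resource: 'arn:aws:dynamodb:us-east-1:123456789012:table/orders' },
    { Sid: 'WriteInvoices', Effect: 'Allow', Action: 's3:PutObject',
      Resource: 'arn:aws:s3:::example-uploads/invoices/*' },
  ],
};

console.log(auditPolicy(broadPolicy));
console.log(auditPolicy(scopedPolicy));
```

A check like this fits in a deployment pipeline, run against each function's role before it ships.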