• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Tim Cooke
  • Paul Clapham
  • Devaka Cooray
  • Bear Bibeault
  • Junilu Lacar
  • Knute Snortum
  • Liutauras Vilda
Saloon Keepers:
  • Ron McLeod
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Piet Souris
  • salvin francis
  • Carey Brown
  • Frits Walraven

Serverless Applications with Node.js: when not to use Serverless and security

Ranch Hand
Posts: 81
Spring Java Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There are certain scenarios where server less may not fit well.
For example - AWS Lambda is stateless and allow execution of maximum 5 minutes. Server-less can also be expensive if you have very uniform predictable load.

Also security becomes issue when we do a paradigm shift to this new model. Whats your opinion about the points to be taken care before going server-less and when not to go server-less.
Saloon Keeper
Posts: 6361
Android Mac OS X Firefox Browser VI Editor Tomcat Server Safari
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Also security becomes issue when we do a paradigm shift to this new model.

What do you mean? In what paradigm wouldn't security be an issue? How would it be a different issue for serverless computing?
Posts: 13
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Good question.

First, few months ago, AWS extended maximum execution time to 15 minutes for AWS Lambda. Also, AWS Lambda is not really stateless, it's more share-nothing, as you can store some data in /tmp folder for subsequent invocations, and they may or may not be there, depending if you are getting the same container/micro VM or not.

For security, I would say that serverless is more secure than what we had before. Let's talk about serverless functions, as something that holds and runs your code:
  • Your average function runs in less than 300ms, then it's gone. It's really hard to hack something that is available for less than a second periodically.
  • Your functions can and should have fine grained permissions, that make them more secure than ever. For example, our function can read just specific data from specific table from the database, or save file in a specific subpath of a specific S3 bucket.
  • Your function can be triggered by a specific event from AWS platform only. For example, if it's triggered by an Amazon SNS topic message, it can't be invoked by an API request (unless you are using AWS API with your admin credentials, and if you exposed that, someone is probably already mining bitcoins with your account and a security of your function is not your main concern at that moment).
  • A Lambda function is read-only, except /tmp, which is temporary. No one can change your code from the function itself.

  • I can go on, as the list is really long, but I hope this is enough to illustrate the point and answer your question.

    The fastest and most reliable components of any system are those that are not there. Tiny ad:
    Java file APIs (DOC, XLS, PDF, and many more)
      Bookmark Topic Watch Topic
    • New Topic