Serverless Applications with Node.js: when not to use Serverless and security

 
Ranch Hand
There are certain scenarios where serverless may not fit well.
For example, AWS Lambda is stateless and allows execution of a maximum of 5 minutes. Serverless can also be expensive if you have a very uniform, predictable load.

Also, security becomes an issue when we do a paradigm shift to this new model. What's your opinion about the points to be taken care of before going serverless, and when not to go serverless?
 
Saloon Keeper

Also security becomes issue when we do a paradigm shift to this new model.


What do you mean? In what paradigm wouldn't security be an issue? How would it be a different issue for serverless computing?
 
Author
Hey,

Good question.

First, a few months ago, AWS extended the maximum execution time to 15 minutes for AWS Lambda. Also, AWS Lambda is not really stateless; it's more share-nothing, as you can store some data in the /tmp folder for subsequent invocations, and it may or may not be there, depending on whether you are getting the same container/micro VM or not.

For security, I would say that serverless is more secure than what we had before. Let's talk about serverless functions, as something that holds and runs your code:
  • Your average function runs in less than 300ms, then it's gone. It's really hard to hack something that is available for less than a second periodically.
  • Your functions can and should have fine-grained permissions, which make them more secure than ever. For example, our function can read just specific data from a specific table in the database, or save a file in a specific subpath of a specific S3 bucket.
  • Your function can be triggered by a specific event from the AWS platform only. For example, if it's triggered by an Amazon SNS topic message, it can't be invoked by an API request (unless you are using the AWS API with your admin credentials, and if you exposed that, someone is probably already mining bitcoins with your account and the security of your function is not your main concern at that moment).
  • A Lambda function is read-only, except /tmp, which is temporary. No one can change your code from the function itself.

I can go on, as the list is really long, but I hope this is enough to illustrate the point and answer your question.

Cheers,
Slobodan
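
Added example, not part of the post above: a small Python check for the fine-grained permissions point, comparing a broad Lambda execution-role policy with one scoped to a single table and a single S3 subpath. The table name, bucket name, region and account id are constructed placeholders, and the lint rules are a simplified assumption, not a full IAM evaluator.

```python
# Added example: constructed policies; table, bucket and account id are placeholders.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["dynamodb:*", "s3:*"], "Resource": "*"},
]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["dynamodb:GetItem", "dynamodb:Query"],
     "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/Orders"},
    {"Effect": "Allow", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-uploads/invoices/*"},
]}


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def _is_s3_key_prefix(arn):
    """True for arn:aws:s3:::bucket/prefix/* (one subpath), not bucket/* or *."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[2] != "s3" or arn.count("*") != 1:
        return False
    return arn.endswith("/*") and "/" in parts[5][:-2]


def lint(policy):
    """Return (statement index, message) for each over-broad Allow grant."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((i, "NotAction/NotResource grants everything not listed"))
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append((i, f"wildcard action {action}"))
        for resource in _as_list(stmt.get("Resource", [])):
            if "*" in resource and not _is_s3_key_prefix(resource):
                findings.append((i, f"wildcard resource {resource}"))
    return findings


if __name__ == "__main__":
    for name, policy in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, lint(policy) or "no findings")
```

Running a check like this in CI against each function's role keeps a compromised or buggy function limited to the one table and one subpath it was written for.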
     