
Ameo – Redis-compatible distributed key-value store with WebSocket API - networked
http://marianoguerra.org/posts/ameo-redis-compatible-getsetdel-and-publishsubscribe-on-riak_core-with-websocket-api/
======
chatmasta
Cool. I implemented a similar toy project once, to directly expose a database
on the server to the client via web socket. I say “toy” because that’s
obviously incredibly insecure.

What are the security considerations here? If you have multiple clients,
should their topics be isolated? Presumably Alice should not be able to run a
DEL command on a topic owned by Bob. Where would you put code for
authentication / ACL?

~~~
e12e
> I say “toy” because that’s obviously incredibly insecure.

I trust postgres row-level access control a lot more than a php script with
dbowner access to the db - so I think this depends a lot on which db, and what
"direct access" means...

~~~
chatmasta
True. This was a college project years ago but recently I’ve been thinking
about revisiting it. With properly provisioned DB users, ACLs, and stored
procedures, it could actually end up being more secure than it would be with
an intermediary application server.

------
stephen_mcd
Cool!

I built CurioDB a while back with the same idea, but using Akka as the
underlying framework. Persistent Redis with distributed transactions, embedded
Lua and a websocket front-end:

[https://github.com/stephenmcd/curiodb](https://github.com/stephenmcd/curiodb)

------
edko
Is ameo related in any way to altayanta?

~~~
marianoguerra
linguistically yes, in any other way, I have no idea :)

------
vardump
Isn't WebSocket dead and buried, replaced by HTTP/2?

~~~
netcraft
I hadnt heard this - after a bit of digging it looks like SSE + http/2 will
replace a lot of the same use cases, but the consensus seems to be no:
[https://stackoverflow.com/questions/28582935/does-
http-2-mak...](https://stackoverflow.com/questions/28582935/does-http-2-make-
websockets-obsolete)

Interesting thought though - I think more options there will be better in the
long run, as long as it a "both" instead of an "either/or".

------
Animats
The title and article read like they were generated by a buzzword generator.

~~~
dang
Submitted title was "Ameo – Redis-compatible distributed KV store on riak_core
with WebSocket API"

