Is it safe to expose keto "read"/"public" port? #1424

nmapx · 2023-09-12T14:27:42Z

nmapx
Sep 12, 2023

Is it safe?
Assuming that it's running behind firewall, gateway and proxy but still - publicly accessible.
What worries me is the expand endpoint which might leak some confidential data when accessed with specific parameters.
Please advise.

Answered by vinckr

Sep 20, 2023

Hello @nmapx
While Ory Keto implements all Go best practices around running public-facing production HTTP servers, it is generally discouraged to have Ory Keto facing the public net directly. Even though it's behind a firewall, gateway, and proxy, it's recommended to run Ory Keto behind an API gateway or a load balancer for additional security.
Specifically, it's a good practice not to expose the Write API at all to the public internet. The Read API should also be protected as depending on your use case, it can reveal sensitive information (for example, who has permission to do something).

View full answer

vinckr · 2023-09-20T08:58:52Z

vinckr
Sep 20, 2023
Maintainer

Hello @nmapx
While Ory Keto implements all Go best practices around running public-facing production HTTP servers, it is generally discouraged to have Ory Keto facing the public net directly. Even though it's behind a firewall, gateway, and proxy, it's recommended to run Ory Keto behind an API gateway or a load balancer for additional security.
Specifically, it's a good practice not to expose the Write API at all to the public internet. The Read API should also be protected as depending on your use case, it can reveal sensitive information (for example, who has permission to do something).

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Is it safe to expose keto "read"/"public" port? #1424

{{title}}

Replies: 1 comment

{{title}}

Select a reply

Is it safe to expose keto "read"/"public" port? #1424

nmapx Sep 12, 2023

Replies: 1 comment

vinckr Sep 20, 2023 Maintainer

nmapx
Sep 12, 2023

vinckr
Sep 20, 2023
Maintainer