The Skytable Team is extremely happy to announce the release of Skytable 0.7.4. Skytable is a free and open-source NoSQL database that aims to provide flexibility in data modeling at scale. This release adds token-based auth, new partial entity syntax and some other improvements and important fixes.
Token-based authentication may not be what it exactly sounds like; instead, token-based authentication is very similar to password-based authentication, with the one exception that you never provide a password – but the server generates them for you. The merit of this approach is that having insecure passwords are bailed out. Skytable's auth system generates a cryptographically strong token with 54 characters from a 64 character long alphabet, which effectively has 3.496663695E+82 permutations. Now, this is an insane number, but you might still think about brute-force search attacks; but guess what – we thought about that too! Every login attempt begins an expensive verification operation based on bcrypt's rounds which eliminates the chances of brute-force search attacks.
Setting up authentication is pretty straightforward; all you need to do is set the origin key, using your preferred mode of configuration and then run
auth claim <origin-key> to claim the root account and then create as many standard users as you need using
auth adduser <username>. You can read more here.
The presence of an origin key makes it extremely simple for you to enable and disable authn while also facilitating easy recovery of passwords. Authn/authz also introduces the idea of a permission model which will see several enhancements in the coming releases including more fine-grained control. Also, for users who (correctly) use the
prod modes: you will need to have TLS-only mode enabled for using authn in production because no one wants to leak tokens!
Partial entity syntax
This is a small but nifty addition. Previously, to switch to entities you would need to run
use keyspace:table, but from now on you can switch to tables in the current keyspace using
use :table. We think this is super convenient!
Towards the next release
This release adds several other fixes and improvements; one notable one is the addition of multiple eval expressions in the CLI – you can run
skysh -e "heya once" -e "heya twice" from now on instead of running them separately. Several other actions have been added surrounding authn and authz including listing users, changing tokens and so on. Another notable fix is in the snapshot engine which prevented the snapshot engine from being initialized at startup and the snapshot key being ignored.
With 0.7.4 released, we're jumping right into the next major release (0.8, per RFC1); our first task will be to fix some appreciable technical debt that we have incurred over the 0.6 and 0.7 release tracks and then working on a new data model and new storage drivers, not to mention the upcoming new protocol Skyhash 2.0. Yeah, there's a lot coming; so hang in there!