2bethere commented on a change in pull request #10339:
URL: https://github.com/apache/druid/pull/10339#discussion_r483818138
##########
File path: docs/operations/security-overview.md
##########
@@ -0,0 +1,228 @@
+---
+id: security-overview
+title: "Security overview"
+---
+
+
+## Overview
+
+By default, security features in Druid are disabled, that is, TLS is disabled
and user authentication does not occur. To use these features, you need to
configure security in Druid.
+
+This document gives you an overview of security features in Druid and how to
configure them, and some best practices for securing Druid.
+
+
+## Best practices
+
+* Do not expose the Druid Console on an untrusted users or networks. Access to
the console effectively confers access the file system on the installation
machine, via file browsers in the UI. You should use an API gateway that
restricts who can connect from untrusted networks, whitelists the specific APIs
that your users need to access, and implements account lockout and throttling
features.
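Review bot: the first best-practices bullet (`* Do not expose the Druid Console ...`) has two grammar slips that make the key warning hard to parse: "on an untrusted users or networks" should read "to untrusted users or networks", and "confers access the file system" is missing "to". The Overview two paragraphs above says user authentication is off by default, so it would help to state that precondition in the bullet itself, e.g. "Do not expose the Druid Console without authentication to untrusted users or networks", so the reader connects the default-off authentication with the file-browser exposure the bullet describes. Minor style point: "whitelists the specific APIs" could read "allows only the specific APIs", which is clearer and avoids the whitelist/blacklist terminology.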
Review comment:
"Do not expose the Druid Console without authentication on untrusted
networks."