2bethere commented on a change in pull request #10339: URL: https://github.com/apache/druid/pull/10339#discussion_r483819133
########## File path: docs/operations/security-overview.md ########## 
@@ -0,0 +1,228 @@ +--- +id: security-overview +title: "Security overview" +--- + + +## Overview + +By default, security features in Druid are disabled, that is, TLS is disabled and user authentication does not occur. To use these features, you need to configure security in Druid. + +This document gives you an overview of security features in Druid and how to configure them, and some best practices for securing Druid. + + +## Best practices + +* Do not expose the Druid Console on an untrusted users or networks. Access to the console effectively confers access the file system on the installation machine, via file browsers in the UI. You should use an API gateway that restricts who can connect from untrusted networks, whitelists the specific APIs that your users need to access, and implements account lockout and throttling features. +* Grant users the minimum permissions necessary to perform their functions. For instance, do not allow user who only need to query data to write to data sources or view state. +* Disable JavaScript, as noted in the [Security section](https://druid.apache.org/docs/latest/development/javascript.html#security) of the JavaScript guide. +* Run Druid as an unprivileged Unix user on the installation machine (not root).
Review comment: Run Druid as an unprivileged Unix user on the installation machine (not root). Administrator users on Druid have the same permissions as the Unix user account it is running under. If the Druid process is running under the root user account in the OS, then Administrator users on Druid can read/write all files that the root account has access to, including sensitive files such as /etc/passwd.
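Review bot: The first bullet under "Best practices" carries the page's most important warning, and its wording is broken in two places: "on an untrusted users or networks" and "confers access the file system". Suggest "Do not expose the Druid Console to untrusted users or networks" and "confers access to the file system", and say there which OS account's permissions that file access runs with, so the console bullet and the "not root" bullet read as one argument. In the second bullet, "do not allow user who only need to query data" should be "users who only need". The JavaScript bullet links to an absolute URL under docs/latest, so readers of an older release of this page will be sent to the newest version of the JavaScript guide; a relative link to the guide in the same docs tree would keep the reference version-consistent. The Overview states that TLS and authentication are off by default, but none of the visible best-practice bullets tell the reader to turn them on; an explicit bullet for enabling TLS and authentication would close that gap.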
