techdocsmith commented on a change in pull request #11016:
URL: https://github.com/apache/druid/pull/11016#discussion_r600907928
##########
File path: docs/operations/security-overview.md
##########
@@ -23,66 +23,109 @@ title: "Security overview"
-->
-## Overview
+
+This document provides an overview of Apache Druid security features,
configuration instructions, and some best practices to secure Druid.
By default, security features in Druid are disabled, which simplifies the
initial deployment experience. However, security features must be configured in
a production deployment. These features include TLS, authentication, and
authorization.
-To implement Druid security, you configure authenticators and authorizers.
Authenticators control the way user identities are verified, while authorizers
map the authenticated users (via user roles) to the datasources they are
permitted to access. Consequently, implementing Druid security also involves
considering your datasource scheme, since that scheme represents the
granularity at which data access permissions are allocated.
-The following graphic depicts the course of request through the authentication
process:
+## Best practices
-
+* Run Druid as an unprivileged Unix user. Do not run Druid as the root user.
+ > **WARNING!** \
+ Druid administrator users have the same OS permissions as the Unix user
account running Druid. If the Druid process is running under the OS root user
account, then Druid administrators can read or write all files that the root
account has access to, including sensitive files such as `/etc/passwd`.
+* Enable authentication to the Druid cluster for production environments and
other environments that can be accessed by untrusted networks.
+* Do not expose the Druid Console without authentication on untrusted
networks. Authenticated Druid Console users have the same permissions as the OS
user running the Druid Console process.
+* Use an API gateway to restrict access from untrusted networks, create an
allow list of specific APIs that your users need to access, and implement
account lockout and throttling features.
Review comment:
Everything in that list should be in the API gateway. Might be clearer
with sub-bullets.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
