This is an automated email from the ASF dual-hosted git repository.
ptupitsyn pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/master by this push:
new 7b8b4bae386 IGNITE-21542 Add documentation on Ignite Security Model
(#11277)
7b8b4bae386 is described below
commit 7b8b4bae386be9396182d367a30e0387642e032f
Author: oleg-vlsk <[email protected]>
AuthorDate: Tue May 14 14:50:39 2024 +1000
IGNITE-21542 Add documentation on Ignite Security Model (#11277)
---
docs/_data/toc.yaml | 4 +++-
docs/_docs/security/security-model.adoc | 20 ++++++++++++++++++++
2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/docs/_data/toc.yaml b/docs/_data/toc.yaml
index 11472772401..225a73ac4e0 100644
--- a/docs/_data/toc.yaml
+++ b/docs/_data/toc.yaml
@@ -472,7 +472,9 @@
url: tools/index-reader
- title: Security
url: security
- items:
+ items:
+ - title: Security Model
+ url: security/security-model
- title: Authentication
url: security/authentication
- title: SSL/TLS
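Review bot: the `items:` line under the Security entry is removed and re-added with no visible text change, so this looks like a whitespace-only edit (indentation or trailing space) mixed into a docs addition. If it is a trailing-whitespace cleanup, that is fine. If the indentation changed, please confirm the nested list still parses at the same level as before, since the new "Security Model" entry and the existing "Authentication" and "SSL/TLS" entries all hang off it.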
diff --git a/docs/_docs/security/security-model.adoc
b/docs/_docs/security/security-model.adoc
new file mode 100644
index 00000000000..eb02d4472cd
--- /dev/null
+++ b/docs/_docs/security/security-model.adoc
@@ -0,0 +1,20 @@
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+= Security Model
+
+When it comes to Apache Ignite security, it is very important to note that by
having access to any Ignite cluster node (a server node or a thick client node)
it is possible to perform malicious actions on the cluster. There are no
mechanisms that could provide protection for the cluster in such scenarios.
+
+Therefore, all
link:../clustering/network-configuration.adoc#_discovery[Discovery] and
link:../clustering/network-configuration.adoc#_communication[Communication]
ports for Ignite server and thick client nodes should only be available inside
a protected subnetwork (the so-called demilitarized zone or DMZ). Should those
ports be exposed outside of DMZ, it is advised to control access to them by
using SSL certificates issued by a trusted Certification Authority (please see
this link:ssl-tl [...]
+
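Review bot: in the second paragraph, "a protected subnetwork (the so-called demilitarized zone or DMZ)" uses DMZ for the opposite of its usual meaning. A DMZ is normally the perimeter segment that hosts services reachable from untrusted networks, so readers may take this as advice to place the Discovery and Communication ports there. Suggest wording such as "a protected internal network segment" and dropping the DMZ term in both sentences. The two paragraphs should also be reconciled: the first says no mechanism protects the cluster once someone has access to a node, so the certificate advice should state that it only limits who can connect, and that any holder of a valid certificate can still do everything a node can. Consider writing "SSL/TLS certificates" to match the "SSL/TLS" page title in toc.yaml.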