dosubot[bot] commented on issue #2816: URL: https://github.com/apache/incubator-hugegraph/issues/2816#issuecomment-2990673668
<!-- Answer --> 目前 HStore(HugeGraph 分布式存储组件)本身没有内置鉴权(认证/授权)机制,无论是在配置文件还是协议层都没有相关参数或模块。也就是说,HStore 节点之间的访问默认是无鉴权的,无法通过配置直接开启账号密码或 token 校验【源码分析结论,详见 application.yml 配置与 gRPC 协议定义】。 如果你需要在生产环境下对 HStore 的访问进行安全控制,建议通过外部手段实现,比如:反向代理(如 Nginx)、VPN、网络防火墙策略或服务网格(Service Mesh)等方式,对网络层流量进行隔离和认证。这样可以有效防止未授权访问。 如果你对 HugeGraph Server 层的 REST API 鉴权有需求,可以通过配置 REST 服务的 Basic Auth 实现,但这不影响 HStore 层的分布式存储节点间通信【参考:所有鉴权数据由 PD 节点集中管理,Server 节点仅做转发,见相关 issue 说明】。 如需具体的外部鉴权方案或配置示例,可以补充你的网络环境和安全需求。 <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/47f5628f-bd88-449c-b0cd-685d01787ada?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/47f5628f-bd88-449c-b0cd-685d01787ada?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/47f5628f-bd88-449c-b0cd-685d01787ada?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/47f5628f-bd88-449c-b0cd-685d01787ada?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/47f5628f-bd88-449c-b0cd-685d01787ada?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/47f5628f-bd88-449c-b0cd-685d01787ada?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/47f5628f-bd88-449c-b0cd-685d01787ada?feedback_type=other)</sup> [](https://go.dosu.dev/discord-bot) [! [Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/incubator-hugegraph/issues/2816) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
