Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2021/03/24 22:11:41 UTC

[GitHub] [druid] techdocsmith commented on a change in pull request #11016: Update security overview with additional recommendations

techdocsmith commented on a change in pull request #11016:
URL: https://github.com/apache/druid/pull/11016#discussion_r600907928



##########
File path: docs/operations/security-overview.md
##########
@@ -23,66 +23,109 @@ title: "Security overview"
   -->
 
 
-## Overview
+
+This document provides an overview of Apache Druid security features, configuration instructions, and some best practices to secure Druid.
 
 By default, security features in Druid are disabled, which simplifies the initial deployment experience. However, security features must be configured in a production deployment. These features include TLS, authentication, and authorization.
 
-To implement Druid security, you configure authenticators and authorizers. Authenticators control the way user identities are verified, while authorizers map the authenticated users (via user roles) to the datasources they are permitted to access. Consequently, implementing Druid security also involves considering your datasource scheme, since that scheme represents the granularity at which data access permissions are allocated. 
 
-The following graphic depicts the course of request through the authentication process: 
+## Best practices
 
 
-![Druid security check flow](../assets/security-model-1.png "Druid security check flow") 
+* Run Druid as an unprivileged Unix user. Do not run Druid as the root user.
+   > **WARNING!** \
+   Druid administrator users have the same OS permissions as the Unix user account running Druid. If the Druid process is running under the OS root user account, then Druid administrators can read or write all files that the root account has access to, including sensitive files such as `/etc/passwd`.
+* Enable authentication to the Druid cluster for production environments and other environments that can be accessed by untrusted networks.
+* Do not expose the Druid Console without authentication on untrusted networks. Authenticated Druid Console users have the same permissions as the OS user running the Druid Console process.
+* Use an API gateway to restrict access from untrusted networks, create an allow list of specific APIs that your users need to access, and implement account lockout and throttling features.
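Review bot: The callout under the first bullet only quotes its first line: `> **WARNING!** \` is followed by a continuation line that is indented but has no `>` prefix, so depending on the Markdown renderer the sentence may fall out of the blockquote or break the list item. Prefix the second line with `>` too (`   > Druid administrator users have the same OS permissions ...`) and drop the trailing backslash, which is then unnecessary. Two smaller points in the same hunk: the `+` blank line replacing `## Overview` leaves three consecutive empty lines before the intro paragraph, and the "Do not expose the Druid Console" bullet restates the OS-permissions warning already given in the first bullet; a short cross-reference would avoid saying it twice.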

Review comment:
       Everything in that list should be in the API gateway. Might be clearer with sub-bullets.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org