ptupitsyn commented on code in PR #5309: URL: https://github.com/apache/ignite-3/pull/5309#discussion_r1973473240
########## docs/_docs/administrators-guide/security.adoc: ########## @@ -0,0 +1,23 @@ += Cluster Security + +== User Security + +By default, all users can perform any updates on the cluster, or link:developers-guide/code-deployment/code-deployment[upload arbitrary code to the cluster] and perform remote code execution with link:developers-guide/compute/compute[distributed computing]. To improve security, we recommend configuring link:administrators-guide/security/permissions#user-permissions-and-roles[user roles] and link:administrators-guide/security/authentication#user-authorization[enabling authorization] on the cluster. + +== Communication + +By default, nodes use plain-text communication that is vulnerable to malicious actions. Ignite 3 separates communications between cluster nodes and communication with clients. + +== Node to Node Communication + +Communication between nodes usually happens within the same data center. We recommend the following to improve the security of your cluster: + +- Enable SSL for cluster communication with the `ignite.network.ssl` link:administrators-guide/config/node-config#network-configuration[node configuration]. +- Run the cluster in a trusted and isolated network. + +== Node to Client Communication + +Communication to clients is exposed to the internet. Only the client port (10800 by default) is exposed. To secure interaction with your clients:

Review Comment:

```suggestion
Client to server communication might be over internet (or otherwise untrusted network). Only the client port (10800 by default) is typically exposed outside of the cluster. To secure interaction with your clients:
```
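
Review bot: In the User Security paragraph, the link text "enabling authorization" points at `administrators-guide/security/authentication#user-authorization`, so the one recommendation that closes the open-by-default state mixes authentication and authorization; say which of the two the reader has to turn on and make the link text match the page it targets. Under `== Communication`, "vulnerable to malicious actions" is vague for a security guide; naming what plain-text transport exposes (traffic that can be read or modified in transit) would tell the reader what the SSL setting below is for. The `== Node to Node Communication` and `== Node to Client Communication` headings sit at the same level as `== Communication`, although the sentence above introduces them as its two parts; `===` would nest them under it.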