Comments (8)

lukasender commented on May 12, 2024

No, there is no option to secure the Crate admin interface with login credentials.
You could use traditional ways like firewalls, VPN, etc. to secure it.

The main reason why we do not support that is rather simple. One could still use our command-line tool crash (https://pypi.python.org/pypi/crash) and gain access to all the data.

Is there a specific use case you are looking into?

ksasi commented on May 12, 2024

Okay, thanks for the clarification. I just thought about general security. For example, if there are 2 applications using 2 different objects in Crate, then maybe the object specific to each application should only be visible/accessible to that application. So maybe for such a scenario, we may need different users/accounts along with credentials for each application to log in and access respective objects.

megastef commented on May 12, 2024

@ksasi: Maybe my blog post gives you some insights into solving such problems.

dobe commented on May 12, 2024

@ksasi ACLs are on our roadmap, but not implemented right now. So actually this kind of security has to be done on the application level right now. Application-level security is a common scenario for server-side applications like a web service, where in most cases users only exist as normal database objects and the "real" database credentials are only used for securing the database connection itself - securing Crate can be done via common HTTP proxies or network-level solutions such as iptables if needed.

However, if you have a rich client application accessing Crate via SQL directly from each client, then this is not sufficient. It would be nice to have more insight on your use case in order to refine our roadmap. Thanks in advance, Bernd

devoncrouse commented on May 12, 2024

How about Shield support with ES 1.4.2? Granted, this only helps those willing to pay for it. Just wondering if this will be supported naturally when Crate reaches that version.

salyh commented on May 12, 2024

I created some security stuff for Elasticsearch, maybe I can help:
https://github.com/salyh/elasticsearch-security-plugin
https://github.com/salyh/elastic-defender

seti123 commented on May 12, 2024

@dobe maybe you can try it during Snowsprint Hackathon? Regards to the other Snowsprinters ...

chaudum commented on May 12, 2024

CrateDB 2.3.0 (currently testing, https://crate.io/docs/crate/reference/en/latest/appendices/release-notes/2.3.0.html) added support for username/password authentication over the HTTP protocol - which is used by the Admin UI.
You can find information on how to secure the Admin UI in the "Authentication" docs https://crate.io/docs/crate/reference/en/latest/admin/auth/hba.html#authenticating-to-admin-ui and https://crate.io/docs/crate/reference/en/latest/admin/auth/index.html
User Authentication is an Enterprise feature.
