What are the authentication/authorization options?

(Tuấn-Anh Nguyễn) #1

The doc mentions that there’s no security boundary or user-level access control.

How is this handled in practice? Can it be in the layers?

(Steve Atherton) #2

A layer could provide security if it is designed as a service which is deployed in between your clients and the actual FDB cluster.

(David Scherer) #3

This is properly the concern of layers, which have an actual data model to apply access control on!

The TLS plugin can provide authentication for access to a FoundationDB cluster as a whole.

FoundationDB is written in a memory unsafe language and has not been carefully audited for security bugs. So frankly it would be wisest to assume that any client that can connect to an fdbserver (and pass TLS authentication, if applicable) can exploit some bug in fdbserver and operate with its privileges! Again, layers are likely written in safer languages and are a much better place to put the security boundary around your database.

(Tuấn-Anh Nguyễn) #4

That makes sense. Thanks!