I’ve been writing about RapidMiner recently so I thought I’d take a look at their approach to security.
Security Overview
A good place to start is this white paper which gives the RapidMiner Security Overview. My big takeaway from this was that RapidMiner has four layers of security.
- Perimeter Security, this ensures the user is who they say they are
- Data Access Security, this manages the data that the user can access
- Accountability, this records changes to the data over time
- Data Protection, this encrypts the data so that it is protected
How to keep your RapidMiner environment secure
There are three things you need to be aware of to keep your RapidMiner environment secure:
- Change the administrator password after the installation
- Create secure connections between RapidMiner Studio and RapidMiner Server
- Configure Radoop Proxy security — modifying the default settings created by the installer
These links take you to detailed information on how to do each of these things.
Restricting third-party extensions
From RapidMiner 7.2 onwards (the latest release is 7.5) RapidMiner has been working towards restricting what third-party extensions can do. This is to prevent certain dangerous calls from specific or unknown sources. This is the list of default restrictions for 3rd party extensions starting with RapidMiner Studio 7.2:
- File deletion outside of the java.io.tempdir folder and the .RapidMiner/extensions/workspace/rmx_yourExtension folder is not permitted.
- ReflectPermission is not granted at all. This includes both suppressAccessChecks. Note that regular (non-invasive) usage of reflection is fine and still permitted!
- Trying to replace the SecurityManager of RapidMiner Studio is not permitted by any code whatsoever.
This comes from this RapidMiner post Security & Restrictions where you can read all the detail.
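To make the three restrictions concrete, here is a sketch of a Java SecurityManager that enforces the same kind of rules. It is an added example, not RapidMiner's code: the class name is hypothetical, and for simplicity it applies the rules to all code in the JVM rather than only to third-party extensions.

```java
import java.io.File;
import java.lang.reflect.ReflectPermission;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Permission;

// Added illustration, not RapidMiner's implementation. Uses the SecurityManager API
// as it existed in Java 8 (deprecated since Java 17, where it needs
// -Djava.security.manager=allow, and not installable on the newest JVMs).
public class ExtensionSandboxDemo extends SecurityManager {
    private final Path tempDir;   // deletion is allowed below this folder
    private final Path workspace; // and below the extension's workspace folder

    ExtensionSandboxDemo(Path tempDir, Path workspace) {
        this.tempDir = tempDir.toAbsolutePath().normalize();
        this.workspace = workspace.toAbsolutePath().normalize();
    }

    @Override
    public void checkDelete(String file) {
        // Normalize first so "tmp/../elsewhere" cannot pass as a temp path.
        // Symbolic links are not resolved in this sketch.
        Path target = Paths.get(file).toAbsolutePath().normalize();
        if (!target.startsWith(tempDir) && !target.startsWith(workspace)) {
            throw new SecurityException("File deletion not permitted: ".concat(target.toString()));
        }
    }

    @Override
    public void checkPermission(Permission perm) {
        boolean replacesManager = perm instanceof RuntimePermission
                && "setSecurityManager".equals(perm.getName());
        if (perm instanceof ReflectPermission || replacesManager) {
            throw new SecurityException("Not permitted: ".concat(perm.toString()));
        }
        // Every other permission is allowed in this sketch.
    }

    public static void main(String[] args) {
        String home = System.getProperty("user.home");
        Path tmp = Paths.get(System.getProperty("java.io.tmpdir")); // JVM temp-directory property
        Path ws = Paths.get(home, ".RapidMiner", "extensions", "workspace", "rmx_yourExtension");
        System.setSecurityManager(new ExtensionSandboxDemo(tmp, ws));
        try { // constructed file name, outside both allowed folders
            new File(home, "constructed-example.txt").delete();
        } catch (SecurityException e) {
            System.out.println("Blocked: ".concat(e.getMessage()));
        }
        try { // an attempt to remove the installed manager
            System.setSecurityManager(null);
        } catch (SecurityException e) {
            System.out.println("Blocked: ".concat(e.getMessage()));
        }
    }
}
```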
What do you think of how RapidMiner approaches security?
Success is preparation meets opportunity – Jack
Jack blogs about community, social media and how all this data stuff impacts the rest of us