RapidMiner Logo

How to keep your RapidMiner environment secure

by | Jun 21, 2017

RapidMiner Logo

I’ve been writing about RapidMiner recently so I thought I’d take a look at their approach to security.

Security Overview

RapidMiner Security overview

RapidMiner’s layered approach to security

A good place to start is this white paper which gives the RapidMiner Security Overview. My big takeaway from this was that RapidMiner has four layers of security.

  1. Perimeter Security, this ensures the user is who they say they are
  2. Data Access Security, this manages the data that the user can access
  3. Accountability, this records changes to the data over time
  4. Data Protection, this encrypts the data so that it is protected

How to keep your RapidMiner environment secure

There are three things you need to be aware of to keep your RapidMiner environment secure:

These links take you to detailed information on how to do each of these things.

Restricting third-party extensions

From RapidMiner 7.2 onwards (the latest release is 7.5) RapidMiner has been working towards restricting what third-party extensions can do. This is to prevent certain dangerous calls from specific or unknown sources. This is the list of default restrictions for 3rd party extensions starting with RapidMiner Studio 7.2:

  • File deletion outside of the java.io.tempdir folder and the .RapidMiner/extensions/workspace/rmx_yourExtension folder is not permitted.
  • ReflectPermission is not granted at all. This includes both newProxyInPackage.* and suppressAccessChecks. Note that regular (non-invasive) usage of reflection is fine and still permitted!
  • No RuntimePermissions except for accessDeclaredMembers, getenv.*, getFileSystemAttributes, readFileDescriptor, writeFileDescriptor, queuePrintJob, and shutdownHooks are granted.
  • No AWTPermissions except for listenToAllAWTEvents, setWindowAlwaysOnTop, and watchMousePointer are granted.
  • Trying to replace the SecurityManager of RapidMiner Studio is not permitted by any code whatsoever.

This comes from this RapidMiner post Security & Restrictions where you can read all the detail.
What do you think of how RapidMiner approach security?
Success is preparation meets opportunity – Jack
Jack blogs about community, social media and how all this data stuff impacts the rest of us
Other OptimalBI Blogs on Security include Security for data warehouses, the Dropbox security breach, how to protect yourself better and Column Security on SAS Datasets.
We run regular Data Requirements and Agile data warehouse training courses with an Agile business intelligence slant in both Wellington and Auckland

Submit a Comment

Your email address will not be published. Required fields are marked *