11 Security
11.1 Firewall
EdgeSet requires only port 443 (HTTPS) for normal operation. During setup, port 80 (for web setup) or port 22 (for terminal setup) can be used. After setup, ports 22 and 80 can be blocked. Port 5432 is optional.
| Port | Protocol | Purpose |
|---|---|---|
| 22 | TCP | SSH: SSH interface (for setup) |
| 80 | TCP | HTTP: Setup web interface (required only during setup) |
| 443 | TCP | HTTPS: Web interface + Presto-compatible clients (required) |
| 5432 | TCP | PostgreSQL: PostgreSQL-compatible interface |
11.2 Data source credentials
EdgeSet stores all data source credentials (passwords, keys, etc.) encrypted on disk (in EdgeSet’s internal database). The credentials are also encrypted in EdgeSet backups. Once a data source is created, there is no way for a user or application to retrieve the data source credentials. When editing a data source, the credentials are not sent to the web interface.
EdgeSet decrypts the credentials when connecting to a data source. It also passes the credentials (in memory) to the query engine for executing queries.
11.3 User passwords
Only salted hashes of user passwords are stored.1
Password hashes use a memory-hard function.↩︎