Security is a vast and complex topic, with many ramifications. We can only address some of them here. If you have security concerns that are not addressed here, please contact us and we'll be happy to discuss them with you.

Overview

Gallium Data usually runs as a Docker container. Under normal deployment settings, it does not expose any ports other than those defined as active connections.

Database authentication

Gallium Data does not have any database credentials: it acts as a pass-through for credentials and does not retain them in any way (unless you create a filter for that, but even then you'd be limited to what is visible on the wire).

Encryption

Network traffic will often be encrypted, usually using TLS 1.2. This means that Gallium Data needs to have a private key (and its trust chain if necessary).

You can use the same key and certificate(s) that you use on your database server(s), or you can use a different key for Gallium Data.

Code security

When you write server-side JavaScript code for a filter, you get complete access to the JavaScript environment, the underlying Java environment, and the operating system (Linux). However, because Gallium Data normally runs as a Docker container, Docker limits what the code can do. If code security is a concern, you can use your Docker environment (e.g. Kubernetes or similar) to restrict what the container can and cannot do with regard to memory, CPU usage, network access, and so on. Overall, though, Gallium Data considers that if you are trusted enough to write code for a filter, you are trusted enough to access the full power of the underlying platform.

Admin app

The admin app is meant for development and debugging only, and has only minimal security features. When running Gallium Data in production, you will normally not open the REST/web ports.

Nevertheless, to avoid leaving the app completely open, there are two features that can be used to bring some security to the admin app: giving it a password, and restricting the IP addresses that can reach it. Both are set using the configuration file or configuration options, and provide some level of access control.
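
The container limits mentioned under "Code security" and the advice above not to open the REST/web ports in production can both be checked from `docker inspect` output. The following is an added example, not Gallium Data's own code: the container names, the `allowed_ports` parameter and all port numbers in the sample are constructed for illustration.

```python
import json

def audit(container, allowed_ports):
    """Findings for one parsed object from `docker inspect` output."""
    hc = container.get("HostConfig", {})
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged mode")
    if not hc.get("Memory"):                      # 0 means unlimited
        findings.append("no memory limit")
    if not (hc.get("NanoCpus") or hc.get("CpuQuota")):
        findings.append("no CPU limit")
    if (hc.get("PidsLimit") or 0) <= 0:           # null, 0 or -1 mean unlimited
        findings.append("no PID limit")
    if "ALL" not in [c.upper() for c in hc.get("CapDrop") or []]:
        findings.append("capabilities not dropped")
    if hc.get("NetworkMode") == "host":
        findings.append("host networking")
    # Only ports that back an active database connection should be published.
    for port in sorted(hc.get("PortBindings") or {}):
        if port not in allowed_ports:
            findings.append("unexpected published port " + port)
    return findings

def report(containers, allowed_ports):
    """Map each container name to its list of findings."""
    return {c["Name"]: audit(c, allowed_ports) for c in containers}

# Constructed sample shaped like `docker inspect` output. 5432/tcp stands in
# for a database connection, 8089/tcp for a REST/web port left open.
SAMPLE = json.loads("""[
 {"Name": "/gallium-dev", "HostConfig": {"Privileged": false, "Memory": 0,
   "NanoCpus": 0, "PidsLimit": null, "CapDrop": null, "NetworkMode": "bridge",
   "PortBindings": {"5432/tcp": [{"HostIp": "", "HostPort": "5432"}],
                    "8089/tcp": [{"HostIp": "", "HostPort": "8089"}]}}},
 {"Name": "/gallium-prod", "HostConfig": {"Privileged": false,
   "Memory": 2147483648, "NanoCpus": 2000000000, "PidsLimit": 256,
   "CapDrop": ["ALL"], "NetworkMode": "bridge",
   "PortBindings": {"5432/tcp": [{"HostIp": "", "HostPort": "5432"}]}}}
]""")

if __name__ == "__main__":
    for name, issues in report(SAMPLE, {"5432/tcp"}).items():
        print(name, "OK" if not issues else "; ".join(issues))
```

On a real host, feed the function the parsed output of `docker inspect` for the Gallium Data container and pass the ports of your active connections as `allowed_ports`.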