1. Operating StreamNative Platform

Security Overview

The StreamNative Platform security model uses a flexible design and supports three security options: authentication, authorization, and network encryption.

  • StreamNative Platform authentication provides the identity for a client. It makes sure that everyone accessing the system is who they claim to be.
  • StreamNative Platform authorization determines what actions the identity can perform. It protects privacy by clearly defining what authorized personnel have access to and whether they can modify data or system behavior.
  • StreamNative Platform encryption ensures data is transferred and stored safely. It keeps data from being deciphered by unauthorized entities. StreamNative Platform supports enabling TLS for StreamNative Platform components and the load balancer.

By default, a Pulsar cluster is wide open and anyone can access it. Any client can communicate with the cluster using plain text service URLs, and every connected client effectively acts as a "superuser" able to perform all actions. This means your messages travel in clear text and without authentication. Your cluster is not secure.

Do not expose your Pulsar cluster on the public internet without first enabling TLS and authorization security on StreamNative Platform.
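
One way to check a deployment against the three options above before exposing it, as an added example that is not part of the StreamNative documentation. It assumes you can read the rendered Apache Pulsar `broker.conf`; the key names are Pulsar broker settings rather than anything stated on this page, and the config fragments and host names are constructed samples.

```python
from urllib.parse import urlsplit

# Constructed sample: broker.conf fragment matching the default open state.
DEFAULT_CONF = """\
brokerServicePort=6650
webServicePort=8080
authenticationEnabled=false
authorizationEnabled=false
"""

# Constructed sample: the same fragment with all three controls switched on.
HARDENED_CONF = """\
brokerServicePortTls=6651
webServicePortTls=8443
authenticationEnabled=true
authorizationEnabled=true
"""

def parse_conf(text):
    """Parse key=value lines, ignoring blanks and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def audit_broker(text):
    """Return the security controls that are still off in this config."""
    conf = parse_conf(text)
    missing = []
    if conf.get("authenticationEnabled", "false").lower() != "true":
        missing.append("authentication")
    if conf.get("authorizationEnabled", "false").lower() != "true":
        missing.append("authorization")
    # TLS needs both the binary-protocol and the HTTP admin listener.
    if not (conf.get("brokerServicePortTls") and conf.get("webServicePortTls")):
        missing.append("tls")
    return missing

def plaintext_urls(urls):
    """Return service URLs whose scheme carries traffic unencrypted."""
    return [u for u in urls if urlsplit(u).scheme in ("pulsar", "http")]

if __name__ == "__main__":
    print("default :", audit_broker(DEFAULT_CONF))
    print("hardened:", audit_broker(HARDENED_CONF))
```

An empty list from `audit_broker` means all three controls are switched on in the config; `plaintext_urls` applies the same check to the service URLs handed to clients.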
