Skip to content

Latest commit

 

History

History
162 lines (108 loc) · 6.98 KB

Server-Security.md

File metadata and controls

162 lines (108 loc) · 6.98 KB
search
keywords
security
server security

Server Security

Individual OrientDB servers can manage multiple databases at a time and each database can have its own set of users. When using OrientDB through the HTTP protocol, the OrientDB server uses one realm per database.

While OrientDB can function as a regular Web Server, it is not recommended that you expose it directly to the internet or to public networks. Instead, always hide the OrientDB server within a private network.

Server users are stored in the config/orientdb-server-config.xml configuration file, in the <users> element.

    <users>
        <user name="root" password="{PBKDF2WithHmacSHA256}55F3DEAE:DLJEJFDKY8:65536" resources="*" />
        <user name="guest" password="{PBKDF2WithHmacSHA256}B36E7993C961:C8C8B36F3:65536" resources="connect,server.listDatabases,server.dblist" />
    </users>

When the OrientDB server starts for the first time, it creates the user root automatically, by asking you to give the password in the terminal. In the event that you do not specify a password, OrientDB generates a random password. Beginning with version 2.2, OrientDB hashes the passwords using PBKDF2WithHmacSHA256 algorithm if it's running on Java 8 or major, otherwise PBKDF2WithHmacSHA1 with a configurable SALT.

For more information on security in Orientdb, see:

Configuration

While the default users and passwords are fine while you are setting your system up, it would be inadvisable to leave them in production. To help restrict untrusted users from accessing the OrientDB server, add a new user and change the passwords in the config/orientdb-server-config.xml server configuration file.

To restrict unauthorized users from giving themselves privileges on the OrientDB server, disable write-access to the configuration file. To help prevent them from viewing passwords, disable read-access as well. Note that even if the passwords are hashed, there are many techniques available to crack the hash or otherwise guess the real password.

It is strongly recommended that you allow read/write access to the entire config directory only to the user that starts the OrientDB server.

Managing Users

Beginning with version 2.2, the OrientDB console provides a series of commands for managing users:

Server Resources

Each user can declare which resources have access. The wildcard * grants access to any resource. By default, the user root has all privileges (*), so it can access all the managed databases and operations.

Resources Permission to
database.create Create a new database in the server
database.drop Drop a database
database.exists Check the existence of a database
database.freeze Freeze the access to a database
database.release Release a frozen database
database.passthrough Allow access to all managed databases
server.config.get Retrieve server's setting
server.config.set Update server's setting
server.connect Connect to a server
server.info Retrieve server's information and statistics
server.listDatabases Enlist available databases on the server
server.listDatabases.system Include the OSystem database in the list of databases
server.replication Execute a replication command from another server
server.replication.start Start the replication of a database
server.replication.stop Stop the replication of a database
server.replication.config Update the replication configuration
server.shutdown Shutdown a server

For example,

<user name="replicator" password="repl" resources="database.passthrough"/>

Securing Connections with SSL

Beginning with version 1.7, you can further improve security on your OrientDB server by securing connections with SSL. For more information on implementing this, see Using SSL.

Restoring the User admin

In the event that something happens and you drop the class OUser or the user admin, you can use the following procedure to restore the user to your database.

  1. Ensure that the database is in the OrientDB server database directory, $ORIENTDB_HOME/database/ folder.

  2. Launch the console or studio and log into the database with the user root.

    $  $ORIENTDB_HOME/bin/console.sh
    
    OrientDB console v.X.X.X (build 0) www.orientdb.com
    Type 'HELP' to display all the commands supported.
    Installing extensions for GREMLIN language v.X.X.X
    
    orientdb> CONNECT remote:localhost/my_database root rootpassword
    
  3. Check that the class OUser exists:

    orientdb> SELECT FROM OUser WHERE name = 'admin'
    
    • In the event that this command fails because the class OUser doesn't exist, create it:

      orientdb> CREATE CLASS OUser EXTENDS OIdentity
      
    • In the event that this command fails because the class `OIdentity doesn't exist, create it first:

      orinetdb> CREATE CLASS OIdentity
      

      Then repeat the above command, creating the class OUser

  4. Check that the class ORole exists.

    orientdb> SELECT FROM ORole WHERE name = 'admin'
    
    • In the event that the class ORole doesn't exist, create it:

      orientdb> CREATE CLASS ORole EXTENDS OIdentity
      
  5. In the event that the user or role admin doesn't exist, run the following commands:

    • In the event that the role admin doesn't exist, create it:

      orientdb> INSERT INTO ORole SET name = 'admin', mode = 1, 
                rules = { "database.bypassrestricted": 15 }
      
    • In the event that the user admin doesn't exist, create it:

      orientdb> INSERT INTO OUser SET name = 'admin', 
                password = 'my-admin_password', status = 'ACTIVE', 
                rules = ( SELECT FROM ORole WHERE name = 'admin' )
      

The user admin is now active again on your database.

Restoring the Server's User root

  1. Open the config/orientdb-server-config.xml file and remove the "root" user entry
  2. Remove the tag <isAfterFirstTime>true</isAfterFirstTime> at the end of the file
  3. On next restart of the server, a new root password is asked again