Chapter 7. Understanding Security in Presto
Securing a Presto cluster involves building secure communication, authenticating the parties involved, and authorizing actors. Secure communication is the process of exchanging information between two parties in a way that prevents unauthorized access to the data. Authentication verifies that users are who they claim to be, and authorization grants access to resources based on the user’s identity.
The chapter is organized into four parts. In the first part, we’ll define the scenario we’ll implement throughout the chapter. Next, you’ll learn how to build secure communication in Presto through encryption, keystore management, and HTTPS/TLS. In the third part, we’ll focus on three types of authentication: file-based authentication, LDAP-based authentication, and Kerberos-based authentication. Finally, you’ll learn how to manage authorization in Presto through system access control and Apache Ranger.
Introducing Presto Security
In previous chapters, we assumed that our cluster of nodes was trusted and that there were no threats from the outside. That assumption rested on the idea that all the nodes belonging to the cluster work together and that there is no unauthorized access to the data. In a real environment, however, this is not true. A cluster can be subject to various attacks, including unauthorized access to data, data theft, data corruption, or even service disruption. In a worst-case scenario, the cluster could become completely ...