Question
Guess this is an embarrassing beginner question, anyways...
In the OrientDB documentation under "server security" we find:
While OrientDB Server can function as a regular Web Server, it is not recommended that you expose it directly to either the Internet or public networks. Instead, always hide OrientDB server in private networks.
Does this mean that port 2480, which OrientDB uses for listening to HTTP connections, should be open only locally and not be exposed to the outside world?
Answer 1:
The OrientDB HTTP API documentation states that you have to use HTTP Basic authentication for issuing commands. That means you have to include an Authorization header along with your request.
Below are some links that you might find useful, in which the safety issue is discussed:
Security concern
security-in-rest-api
OrientDB v2.2 is very focused on security; a step forward was made in this direction (salted passwords, encryption at rest (DES/AES on storage), disabled access to OUser, masking of passwords on the server's console, and salted passwords also in the server).
Answer 2:
You can use a reverse proxy to "hide" your OrientDB server from the public web. I am on an AWS AMI Linux machine. Using httpd I created a file in /etc/httpd/conf.d called virtualhosts.conf. How you set up virtualhosts may depend on your Linux flavor. Contents of virtualhosts.conf:
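# Load the proxy modules at server level; the documented context for LoadModule is "server config".
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# orientdb.mydomain.com is proxied to the local OrientDB HTTP listener.
<VirtualHost *:80>
    ServerName orientdb.mydomain.com
    DocumentRoot $ORIENTDBHOME$/www
    # Reverse proxy only (forward proxying off); the target is loopback port 2480.
    ProxyRequests Off
    ProxyPass / http://127.0.0.1:2480/
    ProxyPassReverse / http://127.0.0.1:2480/
</VirtualHost>

# Main site, served from the local document root.
<VirtualHost *:80>
    ServerName www.mydomain.com
    DocumentRoot /var/www
</VirtualHost>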
Substitute $ORIENTDBHOME$ with the path to your OrientDB install. So my subdomain orientdb (orientdb.mydomain.com) forwards to the OrientDB server at port 2480 but the browser maintains the orientdb.mydomain.com URL. I followed the instructions here, but also added a virtualhost for my main domain.
Update: Use the same proxy settings in your ssl.conf file if you have an SSL certificate for your subdomain and you have it set up as a virtualhost. (Copy/paste the last three lines from the above VirtualHost into your virtualhost for SSL).
Update 2: You probably don't even want to expose the *:80 one to the public, but it's shown for demonstration. You probably can also forward to https, but you'll have to keep looking for that solution.
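The HTTPS forwarding that Update 2 leaves open, as an added example that is not part of the original answer: HTTP Basic credentials are only base64-encoded, so port 80 should do nothing but redirect and the proxy should live in the TLS virtual host. It assumes Apache 2.4 with mod_ssl, mod_alias, mod_proxy and mod_proxy_http loaded, and that port 2480 itself is not reachable from outside; the certificate paths are placeholders and the allow-listed range is a constructed documentation range.

```apache
# Added example (not from the original answer). Hostname reused from the answer.

# Port 80 only redirects, so no Authorization header is ever sent in clear text.
<VirtualHost *:80>
    ServerName orientdb.mydomain.com
    Redirect permanent / https://orientdb.mydomain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName orientdb.mydomain.com

    SSLEngine on
    # Placeholder paths: substitute your own certificate and key.
    SSLCertificateFile /path/to/orientdb.mydomain.com.crt
    SSLCertificateKeyFile /path/to/orientdb.mydomain.com.key

    # TLS ends at Apache; traffic to OrientDB never leaves loopback.
    ProxyRequests Off
    ProxyPass / http://127.0.0.1:2480/
    ProxyPassReverse / http://127.0.0.1:2480/

    # Optional source allow-list in front of OrientDB's own Basic authentication.
    # 203.0.113.0/24 is a constructed documentation range; use your own network.
    <Location "/">
        Require ip 203.0.113.0/24
    </Location>
</VirtualHost>
```

Run `apachectl configtest` before reloading so a syntax error does not take the existing site down.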
Source: https://stackoverflow.com/questions/36028628/server-security-and-accessing-orientdb-via-rest