sebastian-nagel commented on code in PR #3: URL: https://github.com/apache/nutch-site/pull/3#discussion_r3075067188
########## content/documentation/security.md: ########## 
@@ -0,0 +1,64 @@ ++++ +title = "Security" +description = "Reporting Nutch security issues and an explanation of the Nutch security model" +weight = 10 +draft = false +toc = true +bref = "" + ++++ + +## Reporting Security Issues of Apache Nutch + +The Apache Software Foundation is very active in eliminating security problems and denial-of-service attacks against its products. + +We strongly encourage people to report security issues privately via the [ASF Security Team](https://www.apache.org/security/)'s mailing list before disclosing them publicly. + +Please note that the security mailing list is intended solely for reporting undisclosed security vulnerabilities and managing the process of fixing them. We cannot accept regular bug reports or other queries at this address. Any email sent to this address that does not relate to an undisclosed security vulnerability in the Nutch source code will be ignored. + +The private security mailing address is: [email protected] + +## Security Model + +Apache Nutch is designed to operate in trusted environments, either locally or on a Hadoop cluster. + +This section outlines the security model and key security considerations. Understanding how to use and deploy Nutch in a secure manner is mandatory. + +#### Trusted Configuration + +The configuration files used by Nutch are loaded during job execution. These files are treated as a trusted source and must not involve any user-supplied input at runtime. + +#### Nutch Runtime + +Nutch can be run on a local instance or on a Hadoop cluster. For both runtimes, it is mandatory that access to the runtime must be restricted to trusted users. Securing the Nutch runtime is essential. For information on securing a Hadoop cluster, please refer to the [Apache Hadoop security page](https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html). + +#### Nutch Server and REST API Review Comment: Done. -- This is an automated message from the Apache Git Service. 
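Review bot: In the "Trusted Configuration" paragraph, "must not involve any user-supplied input at runtime" states the trust assumption but not what an operator has to do to uphold it. Consider adding that write access to the configuration files must be limited to the same trusted users as the runtime, so that this subsection and "Nutch Runtime" read as one requirement. In "Nutch Runtime", "it is mandatory that access to the runtime must be restricted" states the obligation twice and can be shortened to "access to the runtime must be restricted to trusted users". The subsections under `## Security Model` jump straight to `####`; using `###` would keep the heading levels consecutive.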

