11  Security

11.1 Firewall

EdgeSet requires only port 443 (HTTPS) for normal operation. During setup, port 80 (for web setup) or port 22 (for terminal setup) can be used. After setup, ports 22 and 80 can be blocked. Port 5432 is optional.

EdgeSet listening ports
Port Protocol Purpose
22 TCP SSH: SSH interface (for setup)
80 TCP HTTP: Setup web interface (required only during setup)
443 TCP HTTPS: Web interface + Presto-compatible clients (required)
5432 TCP PostgreSQL: PostgreSQL-compatible interface

11.2 Data source credentials

EdgeSet stores all data source credentials (passwords, keys, etc.) encrypted on disk (in EdgeSet’s internal database). The credentials are also encrypted in EdgeSet backups. Once a data source is created, there is no way for a user or application to retrieve the data source credentials. When editing a data source, the credentials are not sent to the web interface.

EdgeSet decrypts the credentials when connecting to a data source. It also passes the credentials (in memory) to the query engine for executing queries.

11.3 User passwords

Only salted hashes of user passwords are stored.1


  1. Password hashes use a memory-hard function.↩︎