Security hardening

#1

Hello,

I would like to know what plans there are for security hardening of cryoSPARC. Currently the webapp runs over HTTP, so there is no encryption when passing credentials and everything is sent in clear text.

I understand that not everyone would want to run the application in a secure fashion, but there should be options to make the application more secure using HTTPS and certificates. Also, if it were secured, then allowing users to reset their passwords through the web would be feasible.

Thank you


#2

Hi @clil16,

Thanks for the question. We definitely have plans in the near future that add support for enhanced security out-of-the-box and user management (including the ability to create accounts and reset passwords through the web interface).

Currently, cryoSPARC is usually deployed on internal networks and accessed through SSH tunnelling or VPN, which is encrypted. Additionally, it’s common practice to use a reverse proxy such as NGINX installed on the machine running cryoSPARC (or any other web application, for that matter), combined with an SSL certificate (for example, a self-signed certificate for local use or one generated by a certificate authority for the public internet), to run the application through HTTPS.

Hope that helps! Please let me know if you have any other questions.

Regards,
Suhail
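An example of the reverse-proxy setup described above, added here as illustration and not taken from the cryoSPARC project or from the post: NGINX terminates TLS on the same host and forwards to the webapp over loopback. The webapp port (39000, the base port of a default install), the hostname and the certificate paths are assumptions; adjust them to your deployment.

```nginx
# Redirect every plain-HTTP request to HTTPS so credentials are never
# accepted over an unencrypted listener.
server {
    listen 80;
    server_name cryosparc.example.internal;   # assumed hostname
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name cryosparc.example.internal;   # assumed hostname

    # Self-signed for local use, or CA-issued for public exposure (assumed paths).
    ssl_certificate     /etc/nginx/tls/cryosparc.crt;
    ssl_certificate_key /etc/nginx/tls/cryosparc.key;

    # Modern protocol versions only; legacy TLS offers no benefit here.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Tell browsers to keep using HTTPS for this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Forward to the webapp on loopback only (assumed port 39000), so the
        # plaintext listener is reachable solely through this proxy.
        proxy_pass http://127.0.0.1:39000;

        # Preserve client identity and scheme for the upstream application.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Allow the web interface's persistent (WebSocket) connections to
        # pass through; harmless for ordinary requests.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 3600s;
    }
}
```

Pair this with a host firewall rule that blocks the webapp port from anything other than loopback, otherwise the unencrypted listener remains reachable alongside the proxied one.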


#3

Hi @sdawood,

Thank you for your response. Is there any timetable for allowing users to reset their passwords via the web interface?

If you have separate worker nodes, is the communication between the master and worker nodes encrypted?


#4

@sdawood
Just to clarify. When you have separate master and worker nodes:
the master and first worker node communicate over port 39001.
the master and second worker node communicate over port 39002.

My question is whether the communication over ports 39001 and 39002 is secure. I have yet to analyze the traffic that flows between the hosts, but I’d like to know.