2.7 Security

When starting the MonetDB Server, it will open two network ports on your system (the mapi_port and the xrpc_port (by default 50000 and 50001), configurable in the MonetDB.conf file (see MonetDB.conf).

by default, however, the server is inaccessible from other machines.

If you want the database to be accessible from the outside, you must:

• modify your firewall configuration to open (one of) these ports.
• additionally, for mclient -lx access, set the mapi_open variable to yes.
• additionally, for XRPC access, set the xrpc_open variable to yes, and enter in xrpc_trusted the URI prefixes of XQuery modules from which functions are allowed to be executed (note that making it empty will allow any module to be executed!).
• finally, to allow access to the Administrative GUI from another machine, add those machine names to xrpc_admin variable (note that making it empty will allow connections from anywhere!).

2.7.1 Security Warning

Before opening up access, take note of the following issues:

• Currently, MonetDB/XQuery lacks proper authentication. There is a single user with administrative rights and fixed passwords, and SSL is not available yet. This will be fixed by the the upcoming version 5 port of MonetDB/XQuery.
• Consequently, access to the database is all or nothing: either nobody has access or anybody. And, all users can make changes, delete documents, etc. That is, there is no concept of restricted user rights (everybody is an administrator)
• The fact that the fn:doc() function allows to read documents from a file path means that any XML file that can be read by the user that started Mserver will be accessible from the outside. For this reason, it is advisable to install MonetDB under a user account with restricted permissions (as MonetDB is not a Windows Service yet, this is not practical on Windows).
• Moreover, the MonetDB server was not designed with security as a first goal, so may be susceptible to e.g. buffer overrun attacks. Thus, while in principle users are just able to execute XQueries, an open port could in the worst case lead to your computer being hacked.

As a consequence, we strongly advise not to allow mclient access to MonetDB/XQuery from the internet. If mclient access is opened up for other machines inside your organization, your firewall must block access to it from the internet. The same goes for the Administrative GUI (xrpc_admin). For XRPC access, internet access might be given if the xrpc_trusted only lists those XQuery modules that you have verified to contain only innocuous functions. Still, you must be aware that you take the risk of running into an unknown buffer overrun issues, and might face denial-of-service attacks (by hackers that may send queries that slow down or crash your system).

Disclaimer: the CWI provides MonetDB/XQuery "as-is" for free, and does not accept any liability for its use (see the MonetDB License and Pathfinder License).