Recommendations for safeguarding your environment

When installing and configuring Spotfire® Statistics Services to use a statistical engine, you can take steps to protect the deployment, to minimize the risk of unauthorized access, and to minimize the possibility of malicious acts.

Statistical engines provide functions to access data and packages on the internet. Additionally, they have functions that access the host computer system, such as those for executing system commands, and those for reading and writing files. By their very design, these languages can expose computer systems to risk from bad actors, unless the deployer takes steps to secure the environments in which they run. We strongly recommend reviewing and implementing the practices described in these topics.

Protecting the deployment

  • Always run Spotfire Statistics Services behind a firewall to hide its ports. Using a firewall and/or configuring the operating system to limit accessible ports ensures that the system and Spotfire Statistics Services are not exposed externally.
  • Limit access (using the firewall) to ONLY those clients necessary. For example, if the intended use of Spotfire Statistics Services is only to support running Spotfire Data Functions from the TIBCO Spotfire® Web Player, block all connections from any machine other than the Spotfire® Web Player server.

Restricting user access

  • Run Spotfire Statistics Services using an account that limits network access to only required external data sources and services. (Note that taking this step can limit availability to data and package updates.)
  • ALWAYS run the Spotfire Statistics Services server as non-root user on the host operating system. (That is, not as root or under an Administrative account.)
  • If you are running a system where other servers have access to computers running Spotfire Statistics Services, disable passwordless access between the Spotfire Statistics Services server and other servers.

Configuring for tighter engine control

The following configuration settings are found in the file conf/spserver.properties.

  • Carefully curate the white-listed functions listed in the server property function.service.whitelist. See function.service.whitelist.
  • Preserve the default settings for using TERR in restricted mode (expression.service.enabled=false and terr.restricted.execution.mode=true). The configuration property terr.restricted.execution.mode applies only to deployments that are configured to use the TERR engine.For more information, see expression.service.enabled and terr.restricted.execution.mode.