Security Defaults
Generally speaking:
-
Hazelcast port 5701 is used for all communication by default. Please see the Port section for different configuration methods, and its attributes.
-
REST API and Memcache interfaces are disabled by default.
-
For all distributions (JAR, ZIP/TAR and cloud distributions), a security overview is shown on the Hazelcast startup (to inform whether the cluster is open to network or just local, which modules are enabled and disabled).
-
When a feature is disabled by default, an instructional message is shown regarding how to enable it.
Hazelcast provides the following security defaults for its different distributions.
If you are using hazelcast.jar:
-
Access to all available network interfaces is enabled since this distribution’s usage is mostly for distributed caching.
-
The Jet engine is disabled, see the Security Overview section for the reasoning.
-
Advanced features such as remote code deployment, SQL and pipelines are disabled.
If you are using Hazelcast download packages (ZIP/TAR):
-
This is a localhost-only setup, and all the features are enabled by default (both for full and slim distributions)
If you are using Hazelcast on Docker and Kubernetes environments:
-
Since these environments don’t allow any access unless specified explicitly, all the features are enabled in the Hazelcast distributions on these cloud environments.
Defaults by distribution type
The table shows which security hardening features are used by default in the given distribution type.
| Feature | ZIP/TAR Binaries | Homebrew/Debian/RPM | Maven/JAR | Docker |
|---|---|---|---|---|
Bind to localhost only |
✅ |
✅ |
❌ |
❌ |
Multicast discovery method disabled |
✅ |
✅ |
❌ |
❌ |
Advanced networking enabled |
❌ |
❌ |
❌ |
❌ |
Jet (and SQL) disabled |
❌ |
❌ |
✅ |
❌ |
Jet resource upload disabled |
❌ |
❌ |
✅ |
❌ |
User code deployment disabled |
✅ |
✅ |
✅ |
✅ |
REST health-check disabled |
❌ |
❌ |
✅ |
❌ |
Management Center scripting disallowed |
✅ |
✅ |
✅ |
✅ |
Management Center access to ConsoleApp disabled |
✅ |
✅ |
✅ |
✅ |
Management Center access from a specific IP only |
❌ |
❌ |
❌ |
❌ |
