This is a prerelease version.

View latest

Security Defaults

Generally speaking:

  • Hazelcast port 5701 is used for all communication by default. Please see the Port section for different configuration methods, and its attributes.

  • REST API and Memcache interfaces are disabled by default.

  • For all distributions (JAR, ZIP/TAR and cloud distributions), a security overview is shown on the Hazelcast startup (to inform whether the cluster is open to network or just local, which modules are enabled and disabled).

  • When a feature is disabled by default, an instructional message is shown regarding how to enable it.

Hazelcast provides the following security defaults for its different distributions.

If you are using hazelcast.jar:

  • Access to all available network interfaces is enabled since this distribution’s usage is mostly for distributed caching.

  • The Jet engine is disabled, see the Security Overview section for the reasoning.

  • Advanced features such as remote code deployment, SQL and pipelines are disabled.

If you are using Hazelcast download packages (ZIP/TAR):

  • This is a localhost-only setup, and all the features are enabled by default (both for full and slim distributions)

If you are using Hazelcast on Docker and Kubernetes environments:

  • Since these environments don’t allow any access unless specified explicitly, all the features are enabled in the Hazelcast distributions on these cloud environments.