Vector UDFs can run securely in a container or in an unprotected process. After installing Vector, UDFs are set up to run in unprotected mode. Additional steps are required to enable secure UDFs.

Always run UDFs in a secure environment in production environments. Failing to do so allows UDF code to access server resources including disk and network. Running in secure mode ensures UDFs have access only to resources that are specifically enabled for UDF access. Security concerns apply to Python UDFs since Vector imposes no limits on the Python code users can execute. JavaScript UDFs also run in the secure environment when enabled.

Unprotected UDFs are suitable for development and test if the environment and UDF developers are trusted. Secure UDFs can also be used for development and test.

To enable Python UDFs in an unsecured process, follow the instructions in How to Set up User-defined Functions on page 94

For JavaScript, no additional steps are needed.

Unsecured UDFs run in a separate process and not in the X100 engine. They will, however, have access to all machine resources (specifically Python).

Secure UDFs run in a container that strictly controls access to machine resources such as disk, network, and memory. UDFs running in this environment have access only to resources that are specifically granted to the UDF through the container.