Configuring User-defined Functions
UDF Runtime Modes
Vector UDFs can run securely in a container or in an unprotected process. After installing Vector, UDFs are set up to run in unprotected mode. Additional steps are required to enable secure UDFs.
Always run UDFs in a secure environment in production environments. Failing to do so allows UDF code to access server resources including disk and network. Running in secure mode ensures UDFs have access only to resources that are specifically enabled for UDF access. Security concerns apply to Python UDFs since Vector imposes no limits on the Python code users can execute. JavaScript UDFs also run in the secure environment when enabled.
Unprotected UDFs are suitable for development and test if the environment and UDF developers are trusted. Secure UDFs can also be used for development and test.
Unsecure UDFs
To enable Python UDFs in an unsecured process, follow the instructions in
How to Set up User-defined Functions on page 94
For JavaScript, no additional steps are needed.
Unsecured UDFs run in a separate process and not in the X100 engine. They will, however, have access to all machine resources (specifically Python).
Secure UDFs
Secure UDFs run in a container that strictly controls access to machine resources such as disk, network, and memory. UDFs running in this environment have access only to resources that are specifically granted to the UDF through the container.
Note: Secure Containerized UDFs are a development release. Please work with Actian Support before using such UDFs in a production environment.
IMPORTANT! Secure UDFs should be used in a production environment.
Last modified date: 06/28/2024