# ask-ai


02/29/2024, 9:12 PM
How are teams securing the web ui when using open source?


02/29/2024, 9:12 PM
Securing the web interface for Dagster when deploying with open-source tools is an important consideration. The documentation mentions that securing data in modern data pipelines includes techniques such as encryption, access control, and data anonymization. While the documentation does not provide a step-by-step guide for securing the web UI specifically, it does highlight that Dagster Cloud offers role-based access control (RBAC) to provide granular control over who can execute or modify parts of your data platform. For open-source deployments, similar principles would apply. You would typically secure the web UI by implementing some form of access control, such as: 1. Authentication: Ensuring that only authorized users can log in to the Dagster web interface. This could involve integrating with existing identity providers or implementing a custom authentication mechanism. 2. Authorization: Once users are authenticated, you would use authorization mechanisms to control what actions they can perform within the web UI. This could be based on roles, groups, or individual permissions. 3. Encryption: Using HTTPS to encrypt traffic between the client and the web server hosting the Dagster web UI to prevent eavesdropping and man-in-the-middle attacks. 4. Network Security: Restricting network access to the web UI using firewalls or security groups to ensure that only traffic from allowed sources can reach the interface. 5. Monitoring and Auditing: Keeping logs of user activity within the web UI and monitoring for any suspicious behavior. It's important to note that while Dagster Cloud provides built-in RBAC, teams using the open-source version would need to implement these security measures themselves or leverage third-party tools and services to achieve a similar level of security. For specific guidance on securing the web UI in an open-source deployment, such as when using ECS (Elastic Container Service), the documentation does not provide a detailed answer, and it appears that there is an unanswered question in the discussions on this topic. Therefore, teams may need to rely on general best practices for web application security and the capabilities of their chosen infrastructure and deployment environment to secure the Dagster web UI.