What are the security/confidentiality risks associated with KNIME's reliance on Rserve?

Hi,

For a while now, KNIME has required Rserve for the R integration nodes to work.
I wonder whether the configuration of Rserve exposes or compromises in any way the data being sent through the server connection between KNIME and R. After all, not all data being processed is free of confidentiality.

  • What kind of connection (local, remote) is used between KNIME and R together with Rserve ? My question does not relate to KNIME server but to a local installation of KNIME Analytics.
  • In case of a local connection, is such a connection accessible by or exposed to any other computers on the network or even outside the network?
  • Is there a way for the KNIME user to lock down the said connection, e.g. by requiring authentication ?

Hi @Geo,
the connection between KNIME and R is a local one. Whether other machines can access the RServe instance depends on how it is set up. By default it runs in local mode, rejecting any connections that do not come from localhost:

If you are running Rserve in local mode (which is the default), you must use the same machine for both the server and the client. Make sure you have no local firewall software running.
(https://www.rforge.net/Rserve/faq.html)

Rserve can be set up to require authentication, but I think KNIME does not support this as of now. However, for a local connection this should not matter. If you want to connect to a remote RServe I can make further enquiries about the possibility of authentication. Please let me know!
Kind regards,
Alexander

2 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.