update black white list #951

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

HTHou merged 1 commit into apache:main from leto-b:update-black-white-list

Jan 5, 2026

src/.vuepress/sidebar/V2.0.x/en-Table.ts

-Original file line number
+Diff line change
@@ Expand Up / @@ -108,7 +108,7 @@ export const enSidebar = { @@
             { text: 'Data Sync', link: 'Data-Sync_apache' },
             { text: 'UDF', link: 'User-defined-function' },
             {
-              text: 'Security Permissions',
+              text: 'Security Management',
               collapsible: true,
               children: [
                 { text: 'Authority Management', link: 'Authority-Management_apache' },
@@ Expand Down @@

src/.vuepress/sidebar/V2.0.x/en-Tree.ts

-Original file line number
+Diff line change
@@ Expand Up / @@ -127,7 +127,7 @@ export const enSidebar = { @@
             },
             { text: 'UDF', link: 'User-defined-function_apache' },
             {
-              text: 'Security Permissions',
+              text: 'Security Management',
               collapsible: true,
               children: [{ text: 'Permission Management', link: 'Authority-Management_apache' }],
             },
@@ Expand Down @@

src/.vuepress/sidebar/V2.0.x/zh-Table.ts

-Original file line number
+Diff line change
@@ Expand Up / @@ -108,7 +108,7 @@ export const zhSidebar = { @@
             { text: '数据同步', link: 'Data-Sync_apache' },
             { text: 'UDF', link: 'User-defined-function' },
             {
-              text: '安全权限',
+              text: '安全管理',
               collapsible: true,
               children: [{ text: '权限管理', link: 'Authority-Management_apache' }],
             },
@@ Expand Down @@

src/.vuepress/sidebar/V2.0.x/zh-Tree.ts

-Original file line number
+Diff line change
@@ Expand Up / @@ -118,7 +118,7 @@ export const zhSidebar = { @@
             },
             { text: 'UDF', link: 'User-defined-function_apache' },
             {
-              text: '安全权限',
+              text: '安全管理',
               collapsible: true,
               children: [{ text: '权限管理', link: 'Authority-Management_apache' }],
             },
@@ Expand Down @@

src/.vuepress/sidebar_timecho/V2.0.x/en-Table.ts

-Original file line number
+Diff line change
@@ Expand Up / @@ -125,10 +125,11 @@ export const enSidebar = { @@
             { text: 'Data Sync', link: 'Data-Sync_timecho' },
             { text: 'UDF', link: 'User-defined-function' },
             {
-              text: 'Security Permissions',
+              text: 'Security Management',
               collapsible: true,
               children: [
                 { text: 'Authority Management', link: 'Authority-Management_timecho' },
+                { text: 'Black White List', link: 'Black-White-List_timecho' },
               ],
             },
             { text: 'Tiered Storage', link: 'Tiered-Storage_timecho' },
@@ Expand Down @@

src/.vuepress/sidebar_timecho/V2.0.x/en-Tree.ts

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -147,11 +147,11 @@ export const enSidebar = {
  
            { text: 'UDF', link: 'User-defined-function_timecho' },

            { text: 'View', link: 'IoTDB-View_timecho' },

            {

              text: 'Security Permissions',

              text: 'Security Management',

              collapsible: true,

              children: [

                { text: 'Permission Management', link: 'Authority-Management_timecho' },

                { text: 'White List', link: 'White-List_timecho' },

                { text: 'Black White List', link: 'Black-White-List_timecho' },

                { text: 'Security Audit', link: 'Audit-Log_timecho' },

              ],

            },

src/.vuepress/sidebar_timecho/V2.0.x/zh-Table.ts

-Original file line number
+Diff line change
@@ Expand Up / @@ -116,9 +116,12 @@ export const zhSidebar = { @@
             { text: '数据同步', link: 'Data-Sync_timecho' },
             { text: 'UDF', link: 'User-defined-function' },
             {
-              text: '安全权限',
+              text: '安全管理',
               collapsible: true,
-              children: [{ text: '权限管理', link: 'Authority-Management_timecho' }],
+              children: [
+                  { text: '权限管理', link: 'Authority-Management_timecho' },
+                  { text: '黑白名单', link: 'Black-White-List_timecho' },
+              ],
             },
             { text: '多级存储', link: 'Tiered-Storage_timecho' },
             { text: '树转表视图', link: 'Tree-to-Table' },
@@ Expand Down @@

src/.vuepress/sidebar_timecho/V2.0.x/zh-Tree.ts

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -129,11 +129,11 @@ export const zhSidebar = {
  
            { text: 'UDF', link: 'User-defined-function_timecho' },

            { text: '视图', link: 'IoTDB-View_timecho' },

            {

              text: '安全权限',

              text: '安全管理',

              collapsible: true,

              children: [

                { text: '权限管理', link: 'Authority-Management_timecho' },

                { text: '白名单', link: 'White-List_timecho' },

                { text: '黑白名单', link: 'Black-White-List_timecho' },

                { text: '安全审计', link: 'Audit-Log_timecho' },

              ],

            },

src/UserGuide/Master/Table/User-Manual/Black-White-List_timecho.md

-Original file line number
+Diff line change
@@ -0,0 +1,78 @@
+    <!--
+        Licensed to the Apache Software Foundation (ASF) under one
+        or more contributor license agreements.  See the NOTICE file
+        distributed with this work for additional information
+        regarding copyright ownership.  The ASF licenses this file
+        to you under the Apache License, Version 2.0 (the
+        "License"); you may not use this file except in compliance
+        with the License.  You may obtain a copy of the License at
+            http://www.apache.org/licenses/LICENSE-2.0
+        Unless required by applicable law or agreed to in writing,
+        software distributed under the License is distributed on an
+        "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+        KIND, either express or implied.  See the License for the
+        specific language governing permissions and limitations
+        under the License.
+    -->
+    # Black White List
+    ## 1. Introduction
+    IoTDB is a time-series database designed for IoT scenarios, supporting efficient data storage, query, and analysis. With the widespread application of IoT technology, data security and access control have become critical. In open environments, ensuring secure data access for legitimate users presents a key challenge. The whitelist mechanism allows only trusted IPs or users to connect, reducing the attack surface at the source. The blacklist function can block malicious IPs in real time in edge-cloud collaborative scenarios, preventing unauthorized access, SQL injection, brute‑force attacks, DDoS, and other threats, thereby providing continuous and stable security for data transmission.
+    > Note: This feature is available starting from version 2.0.6.
+    ## 2. Whitelist
+    ### 2.1 Function Description
+    By enabling the whitelist function and configuring the whitelist, client addresses allowed to connect to IoTDB are specified. Only clients within the whitelist can access IoTDB, achieving security control.
+    ### 2.2 Configuration Parameters
+    Administrators can enable/disable the whitelist function and add, modify, or delete whitelist IPs/IP segments in the following two ways:
+    * Edit the configuration file `iotdb‑system.properties`.
+    * Use the `set configuration` statement.
+        * Table model reference: [set configuration](../SQL-Manual/SQL-Maintenance-Statements.md#_2-2-update-configuration-items)
+    Related parameters are as follows:
+    | Name            | Description                                                                                                                       | Default Value | Effective Mode | Example                                                           |
+    | ----------------- | ----------------------------------------------------------------------------------------------------------------------------------- | --------------- | ---------------- | ------------------------------------------------------------------- |
+    | `enable_white_list` | Whether to enable the whitelist function. true: enable; false: disable. The value is case‑insensitive.                           | false         | Hot reload     | `set enable_white_list = 'true'`                              |
+    | `white_ip_list`   | Add, modify, or delete whitelist IPs/IP segments. Supports exact match and the \* wildcard. Multiple IPs are separated by commas. | empty         | Hot reload     | `set white_ip_list='192.168.1.200,192.168.1.201,192.168.1.*'` |
+    ## 3. Blacklist
+    ### 3.1 Function Description
+    By enabling the blacklist function and configuring the blacklist, certain specific IP addresses are prevented from accessing the database, guarding against unauthorized access, SQL injection, brute‑force attacks, DDoS attacks, and other security threats, thereby ensuring the security and stability of data transmission.
+    ### 3.2 Configuration Parameters
+    Administrators can enable/disable the blacklist function and add, modify, or delete blacklist IPs/IP segments in the following two ways:
+    * Edit the configuration file `iotdb‑system.properties`.
+    * Use the `set configuration`statement.
+        * Table model reference:[set configuration](../SQL-Manual/SQL-Maintenance-Statements.md#_2-2-update-configuration-items)
+    Related parameters are as follows:
+    | Name                | Description                                                                                                                       | Default Value | Effective Mode | Example                                                           |
+    |---------------------| ----------------------------------------------------------------------------------------------------------------------------------- | --------------- | ---------------- | ------------------------------------------------------------------- |
+    | `enable_black_list` | Whether to enable the blacklist function. true: enable; false: disable. The value is case‑insensitive.                           | false         | Hot reload     | `set enable_black_list = 'true'`                              |
+    | `black_ip_list`     | Add, modify, or delete blacklist IPs/IP segments. Supports exact match and the \* wildcard. Multiple IPs are separated by commas. | empty         | Hot reload     | `set black_ip_list='192.168.1.200,192.168.1.201,192.168.1.*'` |
+    ## 4. Notes
+. After the whitelist is enabled, if the list is empty, all connections are denied. If the local IP is not included, local login is denied.
+. When the same IP appears in both the whitelist and blacklist, the blacklist takes precedence.
+. The system validates the IP format. Invalid entries will cause an error when the user connects and be skipped, without affecting the loading of other valid IPs.
+. Duplicate IPs in the configuration are supported; they are automatically deduplicated in memory without notification. For manual deduplication, edit the configuration accordingly.
+. Blacklist/whitelist rules only apply to new connections. Existing connections before enabling the function are not affected; they will be intercepted only upon subsequent reconnection.

src/UserGuide/Master/Tree/QuickStart/QuickStart_timecho.md

-Original file line number
+Diff line change
@@ Expand Up @@
        - Stream Framework: [Stream Framework](../User-Manual/Streaming_timecho.md)
-       - Security Management: [Security Management](../User-Manual/White-List_timecho.md)
+       - Security Management: [Security Management](../User-Manual/Black-White-List_timecho.md)
        - Database Administration: [Database Administration](../User-Manual/Authority-Management_timecho.md)
@@ Expand Down @@

src/UserGuide/Master/Tree/User-Manual/Black-White-List_timecho.md

-Original file line number
+Diff line change
@@ -0,0 +1,78 @@
+    <!--
+        Licensed to the Apache Software Foundation (ASF) under one
+        or more contributor license agreements.  See the NOTICE file
+        distributed with this work for additional information
+        regarding copyright ownership.  The ASF licenses this file
+        to you under the Apache License, Version 2.0 (the
+        "License"); you may not use this file except in compliance
+        with the License.  You may obtain a copy of the License at
+            http://www.apache.org/licenses/LICENSE-2.0
+        Unless required by applicable law or agreed to in writing,
+        software distributed under the License is distributed on an
+        "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+        KIND, either express or implied.  See the License for the
+        specific language governing permissions and limitations
+        under the License.
+    -->
+    # Black White List
+    ## 1. Introduction
+    IoTDB is a time-series database designed for IoT scenarios, supporting efficient data storage, query, and analysis. With the widespread application of IoT technology, data security and access control have become critical. In open environments, ensuring secure data access for legitimate users presents a key challenge. The whitelist mechanism allows only trusted IPs or users to connect, reducing the attack surface at the source. The blacklist function can block malicious IPs in real time in edge-cloud collaborative scenarios, preventing unauthorized access, SQL injection, brute‑force attacks, DDoS, and other threats, thereby providing continuous and stable security for data transmission.
+    > Note: This feature is available starting from version 2.0.6.
+    ## 2. Whitelist
+    ### 2.1 Function Description
+    By enabling the whitelist function and configuring the whitelist, client addresses allowed to connect to IoTDB are specified. Only clients within the whitelist can access IoTDB, achieving security control.
+    ### 2.2 Configuration Parameters
+    Administrators can enable/disable the whitelist function and add, modify, or delete whitelist IPs/IP segments in the following two ways:
+    * Edit the configuration file `iotdb‑system.properties`.
+    * Use the `set configuration` statement.
+        * Tree model reference: [set configuration](../Reference/Modify-Config-Manual.md)
+    Related parameters are as follows:
+    | Name            | Description                                                                                                                       | Default Value | Effective Mode | Example                                                           |
+    | ----------------- | ----------------------------------------------------------------------------------------------------------------------------------- | --------------- | ---------------- | ------------------------------------------------------------------- |
+    | `enable_white_list` | Whether to enable the whitelist function. true: enable; false: disable. The value is case‑insensitive.                           | false         | Hot reload     | `set enable_white_list = 'true'`                              |
+    | `white_ip_list`   | Add, modify, or delete whitelist IPs/IP segments. Supports exact match and the \* wildcard. Multiple IPs are separated by commas. | empty         | Hot reload     | `set white_ip_list='192.168.1.200,192.168.1.201,192.168.1.*'` |
+    ## 3. Blacklist
+    ### 3.1 Function Description
+    By enabling the blacklist function and configuring the blacklist, certain specific IP addresses are prevented from accessing the database, guarding against unauthorized access, SQL injection, brute‑force attacks, DDoS attacks, and other security threats, thereby ensuring the security and stability of data transmission.
+    ### 3.2 Configuration Parameters
+    Administrators can enable/disable the blacklist function and add, modify, or delete blacklist IPs/IP segments in the following two ways:
+    * Edit the configuration file `iotdb‑system.properties`.
+    * Use the `set configuration`statement.
+        * Tree model reference:[set configuration](../Reference/Modify-Config-Manual.md)
+    Related parameters are as follows:
+    | Name                | Description                                                                                                                       | Default Value | Effective Mode | Example                                                           |
+    |---------------------| ----------------------------------------------------------------------------------------------------------------------------------- | --------------- | ---------------- | ------------------------------------------------------------------- |
+    | `enable_black_list` | Whether to enable the blacklist function. true: enable; false: disable. The value is case‑insensitive.                           | false         | Hot reload     | `set enable_black_list = 'true'`                              |
+    | `black_ip_list`     | Add, modify, or delete blacklist IPs/IP segments. Supports exact match and the \* wildcard. Multiple IPs are separated by commas. | empty         | Hot reload     | `set black_ip_list='192.168.1.200,192.168.1.201,192.168.1.*'` |
+    ## 4. Notes
+. After the whitelist is enabled, if the list is empty, all connections are denied. If the local IP is not included, local login is denied.
+. When the same IP appears in both the whitelist and blacklist, the blacklist takes precedence.
+. The system validates the IP format. Invalid entries will cause an error when the user connects and be skipped, without affecting the loading of other valid IPs.
+. Duplicate IPs in the configuration are supported; they are automatically deduplicated in memory without notification. For manual deduplication, edit the configuration accordingly.
+. Blacklist/whitelist rules only apply to new connections. Existing connections before enabling the function are not affected; they will be intercepted only upon subsequent reconnection.

src/UserGuide/Master/Tree/User-Manual/White-List_timecho.md

This file was deleted.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

update black white list #951

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Uh oh!