From 859a0d954a98eb1b57624a628a7423543e05c01f Mon Sep 17 00:00:00 2001 From: escaleira Date: Tue, 19 Nov 2024 22:15:07 +0000 Subject: [PATCH] disclaimer regarding the OSM default installation Signed-off-by: escaleira --- 01-quickstart.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/01-quickstart.md b/01-quickstart.md index 78fc86b..07d2924 100644 --- a/01-quickstart.md +++ b/01-quickstart.md @@ -43,6 +43,15 @@ In order for OSM to work, it is assumed that: ## Installing OSM +## 🔒 Before installing: a security warning + +The default installation of OSM is solely intended for **testing**, **development**, and **evaluation purposes only**. +Therefore, it should not be installed in a production environment, at least without a proper risk assessment and definition of the appropriate measures to take while deploying on the target domain. +While OSM is taking significant steps to enhance security — using a secure ingress controller, [account protection after too many attempts](06-osm-platform-configuration.md#how-to-enable-user-management-enhancements-to-enforce-password-best-practices), or [fine-grain Role-based Access Control rules](06-osm-platform-configuration.md) — other configurations would be needed for it to be securely provided in a production-ready setup. +If deployed in a production setting without further analysis and configuration, the system may be vulnerable to unauthorized access, data breaches, and other security risks. + +**As a result, only install OSM in a production setting if you are completely confident in your understanding and approach.** + ### Default installation procedure All you need to run OSM is a single server or VM with the following requirements: -- GitLab
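Review bot: The added `## 🔒 Before installing: a security warning` heading in the `@@ -43,6 +43,15 @@` hunk is at the same level as the `## Installing OSM` heading directly above it. That leaves `## Installing OSM` with no body and moves `### Default installation procedure` under the warning instead of under the install section. Either demote the warning to `###` or place it before `## Installing OSM`. Three wording points in the same hunk:

- The first added sentence scopes the warning to "the default installation of OSM", but the closing bold sentence says "only install OSM in a production setting if ...", which reads as applying to any installation. Keep the scope consistent, for example "only use the default installation in a production setting if ...".
- "solely intended for ... purposes only" says the same thing twice, so drop one of the two.
- "other configurations would be needed" does not say which ones. The RBAC link also points at `06-osm-platform-configuration.md` with no section anchor, unlike the account-protection link next to it. Pointing both at the relevant sections would give readers a concrete next step.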