HTTPS listener security
HTTPS listeners differ from standard Foundry data ingestion, so ensure that you understand these security paradigms before enabling your connections.
Request authorization
Request interfaces for HTTPS listeners are defined by external systems, so they do not conform to standard Foundry authentication or authorization mechanisms. Instead, listeners implement the security protocols laid out by those external systems, which vary widely.
Palantir makes no guarantees about the suitability or effectiveness of these external system protocols. You are responsible for ensuring that you understand which guarantees each protocol does or does not provide for the incoming requests and data.
The specific protocols implemented for each listener can be found in the Configuration step of the listener setup wizard, as well as the external system's documentation.

Redaction and data security
A minimal set of redactions is sometimes performed on incoming data. These redaction mechanisms are best effort, and Palantir cannot guarantee that sensitive data, such as tokens, will be completely redacted from request bodies.
For HTTPS listeners, it is essential to secure both your listener and the output stream. This includes restricting access to both by placing them in a restricted project, as well as applying markings on the listener when necessary.
Subdomains
HTTPS listeners can be mounted to dedicated subdomains, allowing for granular ingress control, comprehensive governance workflows, and isolation of less secure endpoints from the environment's primary enrollment domains. Learn more about listener subdomains.
Endpoint rotation
If the listener's endpoint is compromised, it can be rotated to a new endpoint. Learn more about endpoint rotation.