Documentation

Security Hardening Suggestions

  • Ports 63342 to 63391 are built-in server ports of MindStudio IDE and can be used to open local web services, HTML files, and XML files. To improve security, it is recommended that the port range be used only locally and not open to other devices on the firewall.
  • Try to depend on the CANN package installed by the current user, or ensure that the common user who installs the CANN package is trusted, to avoid privilege escalation risks.
  • If you start MindStudio IDE as the root user and select a file in the common user path on the configuration page or configure environment variables to the common user path, privilege escalation risks may occur. You are advised to start MindStudio as a common user.
  • For files and logs generated by invoking third-party components through MindStudio IDE, ensure that the permissions are minimized.
  • MindStudio IDE is a development-state tool. You are advised to start MindStudio locally instead of using it through X protocol forwarding.
  • If you use HTTPS to access external websites, set the TLS protocol version of the browser to TLS 1.2 or TLS 1.3.
  • When creating a project, do not select a directory that contains a soft link to reduce security risks.
  • If you install the software package using pip in the Python virtual environment or download other projects for import and running, ensure that the downloaded or imported project is secure.
Parent topic: Appendixes