返回 Skill 列表
extension
分类: 开发与工程无需 API Key

security-baseline

适用于整个系统的安全需求、威胁和控制措施

person作者: jakexiaohubgithub

Security Baseline

Threat Model (High Level)

  • Primary users: internal analytics users
  • Assets to protect:
    • Customer PII (anonymized in demo)
    • Event data integrity
    • Connection strings and secrets

Required Controls

Authentication

  • Use Azure AD / Entra ID for Fabric workspace access
  • Service principals for automated pipelines

Authorization

  • Enforce least privilege on Fabric items
  • Separate dev/prod workspaces

Input Validation & Output Encoding

  • Validate all untrusted input at boundaries
  • Sanitize or encode output where appropriate

Secrets Management

  • Store secrets in Azure Key Vault, never in code or config files
  • Use Fabric-managed connections where possible

Logging & Auditing

  • Log security-relevant events
  • Avoid logging sensitive data

Common Vulnerabilities

  • Never embed connection strings in notebooks
  • Validate JSON payloads in streaming pipelines