A simple per-keyspace authentication is a much-needed feature for Cassandra. This has little to do with "exposed to the outside world". The ACL on a Cassandra server needs to give Thrift access to clients, such as application servers. Without any authentication, anyone having access to any server that can access the Cassandra cluster has access to all data on the cluster. That's bad. The authentication allows the admin to reduce exposure such that the compromise of one client server only affects the keyspace to which the client has access. If you do things well and don't store the password on the app server disk, you can even protect the data accessed by the app server from (all but the most sophisticated) intruders onto the app server machines themselves. All this falls under the "defense in depth" umbrella.
Thorsten

Joe Stump wrote:

On Nov 11, 2009, at 3:29 PM, Alexander Vushkan wrote:

...but authentication support would be nice to have...

I'll continue to object to this. If you're considering running Cassandra (or MySQL or Redis or Memcache or MemcacheDB or ...) on an open network Ur Doin' It Wrong. This is what VPNs were created for. Nobody in their right mind runs stuff like this, in production, exposed to the outside world.

Cassandra was built for performance and adding this authentication stuff will do nothing but be an unneeded performance hit for a use case that the project shouldn't be fulfilling.

--Joe
