[ https://issues.apache.org/jira/browse/CASSANDRA-14465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16502041#comment-16502041 ]
Per Otterström commented on CASSANDRA-14465: -------------------------------------------- A third option would be to make this a configuration option. Would make it easy for users to opt in or out. Also, no need to create custom IAuditLogger implementations. Security is a valid concern. Another may be performance. > Consider logging prepared statements bound values in Audit Log > -------------------------------------------------------------- > > Key: CASSANDRA-14465 > URL: https://issues.apache.org/jira/browse/CASSANDRA-14465 > Project: Cassandra > Issue Type: Improvement > Reporter: Vinay Chella > Priority: Minor > > The Goal of this ticket is to determine the best way to implement audit > logging of actual bound values from prepared statement execution. The current > default implementation does not log bound values > Here are the options I see > 1. Log bound values of prepared statements > 2. Let a custom implementation of IAuditLogger decide what to do > *Context*: > Option #1: Works for teams which expects bind values to be logged in audit > log without any security or compliance concerns > Option #2: Allows teams make the best choice for themselves > Note that the efforts of securing C* clusters by certs, authentication, and > audit logging can go in vain when log rotation and log aggregation systems > are not equally secure enough since logging bind values allow someone to > replay the database events and expose sensitive data. > [~spo...@gmail.com] [~jasobrown] -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org