[
https://issues.apache.org/jira/browse/CASSANDRA-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13134333#comment-13134333
]
Andrew Schiefelbein commented on CASSANDRA-2274:
------------------------------------------------
Though I agree that you could fix this particular problem by walling off the
systems I don't believe that is a very workable solution for larger
environments where all you have is the ability to log in as a named user to a
system in the data center, and you do not have root access and if you wish to
setup firewalls the best that can said to you is good luck with that. The
thing that I was pushing for in my original post was to have the ability to
control access without modification to a host system, or host network, and to
be able to do this as an enfeebled user and not a super one. I agree with you
that if this was available you would do one or the other, doing both would
cause no end of problems, but to have the ability to control this as a normal
user makes life easier for those of us who have to play nicely in a very small
sandbox.
> Restrict Cassandra cluster node joins to a list of named hosts
> --------------------------------------------------------------
>
> Key: CASSANDRA-2274
> URL: https://issues.apache.org/jira/browse/CASSANDRA-2274
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Affects Versions: 0.7.2
> Environment: All
> Reporter: Andrew Schiefelbein
>
> Because firewalls and employees are not infallible it would be nice to
> restrict the ability of any node to join a cluster to a list of named hosts
> in the configuration so that someone would be unable to start a node and
> replicate all the data locally. I understand that in order to do this the
> person must know the seed servers and the cluster name and to extract the
> data they will need a userid and password but another level of security would
> be to force them to execute any brute force attack from a locked down server
> instead of replicating all the data locally.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
