[
https://issues.apache.org/jira/browse/CASSANDRA-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13142548#comment-13142548
]
Andrew Schiefelbein commented on CASSANDRA-2274:
------------------------------------------------
I believe Bob Blakley once wrote that trust is for suckers. I'm not worried
about physical attacks against a single box, you can never be 100% secure,
because if there is a way there is a will, however, the current security model
allows enough of a hole for a sophisticated individual with enough knowledge
and malicious intent to quite easy fire up a node and replicate off data
without so much as a slap on the wrist. I believe that point is taken on this
thread so I will stop hammering it home. That said, I will award bonus points
and buy you a 6 pack of whatever tasty beverage you prefer if you could enable
this cluster wide, and have these settings dynamic in the database itself that
you can tweak while it's running. Bringing nodes up and down to add / remove
other nodes is no fun, as it is also no fun when you have to modify users and
access properties. And though I was invited to help fix this here:
https://issues.apache.org/jira/browse/CASSANDRA-2275?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
I haven't been able to win the lottery to get enough free time to do it, hence
the offer of the 6 pack.
> Restrict Cassandra cluster node joins to a list of named hosts
> --------------------------------------------------------------
>
> Key: CASSANDRA-2274
> URL: https://issues.apache.org/jira/browse/CASSANDRA-2274
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Affects Versions: 0.7.2
> Environment: All
> Reporter: Andrew Schiefelbein
>
> Because firewalls and employees are not infallible it would be nice to
> restrict the ability of any node to join a cluster to a list of named hosts
> in the configuration so that someone would be unable to start a node and
> replicate all the data locally. I understand that in order to do this the
> person must know the seed servers and the cluster name and to extract the
> data they will need a userid and password but another level of security would
> be to force them to execute any brute force attack from a locked down server
> instead of replicating all the data locally.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
