[ https://issues.apache.org/jira/browse/CASSANDRA-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13142548#comment-13142548 ]
Andrew Schiefelbein commented on CASSANDRA-2274: ------------------------------------------------ I believe Bob Blakley once wrote that trust is for suckers. I'm not worried about physical attacks against a single box, you can never be 100% secure, because if there is a way there is a will, however, the current security model allows enough of a hole for a sophisticated individual with enough knowledge and malicious intent to quite easy fire up a node and replicate off data without so much as a slap on the wrist. I believe that point is taken on this thread so I will stop hammering it home. That said, I will award bonus points and buy you a 6 pack of whatever tasty beverage you prefer if you could enable this cluster wide, and have these settings dynamic in the database itself that you can tweak while it's running. Bringing nodes up and down to add / remove other nodes is no fun, as it is also no fun when you have to modify users and access properties. And though I was invited to help fix this here: https://issues.apache.org/jira/browse/CASSANDRA-2275?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel I haven't been able to win the lottery to get enough free time to do it, hence the offer of the 6 pack. > Restrict Cassandra cluster node joins to a list of named hosts > -------------------------------------------------------------- > > Key: CASSANDRA-2274 > URL: https://issues.apache.org/jira/browse/CASSANDRA-2274 > Project: Cassandra > Issue Type: Improvement > Components: Core > Affects Versions: 0.7.2 > Environment: All > Reporter: Andrew Schiefelbein > > Because firewalls and employees are not infallible it would be nice to > restrict the ability of any node to join a cluster to a list of named hosts > in the configuration so that someone would be unable to start a node and > replicate all the data locally. I understand that in order to do this the > person must know the seed servers and the cluster name and to extract the > data they will need a userid and password but another level of security would > be to force them to execute any brute force attack from a locked down server > instead of replicating all the data locally. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira