[ https://issues.apache.org/jira/browse/CASSANDRA-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13144993#comment-13144993 ]
David Allsopp edited comment on CASSANDRA-2274 at 11/6/11 1:14 PM: ------------------------------------------------------------------- One additional issue is that currently we deserialize the "from" IP address from the incoming message header, using Header.deserialize() and CompactEndpointSerializationHelper.deserialize() i.e. _we trust the sender to supply a true IP address_. Might be worth a sub-issue to change this, i.e. don't store the IP address in the message Header at all (saving a small amount of space) and set the 'true' sender IP upon receipt of the message, in org.apache.cassandra.net.IncomingTcpConnection, using socket.getInetAddress() ? was (Author: dallsopp): One additional issue is that currently we deserialize the "from" IP address from the incoming message header, using Header.deserialize() and CompactEndpointSerializationHelper.deserialize() i.e. _we trust the sender to supply a true IP address_. > Restrict Cassandra cluster node joins to a list of named hosts > -------------------------------------------------------------- > > Key: CASSANDRA-2274 > URL: https://issues.apache.org/jira/browse/CASSANDRA-2274 > Project: Cassandra > Issue Type: Improvement > Components: Core > Affects Versions: 0.7.2 > Environment: All > Reporter: Andrew Schiefelbein > > Because firewalls and employees are not infallible it would be nice to > restrict the ability of any node to join a cluster to a list of named hosts > in the configuration so that someone would be unable to start a node and > replicate all the data locally. I understand that in order to do this the > person must know the seed servers and the cluster name and to extract the > data they will need a userid and password but another level of security would > be to force them to execute any brute force attack from a locked down server > instead of replicating all the data locally. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira