[
https://issues.apache.org/jira/browse/CASSANDRA-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13145860#comment-13145860
]
Brandon Williams commented on CASSANDRA-2274:
---------------------------------------------
bq. I can't see how it prevents attacks from trusted nodes
If the node is in fact *trusted* then you're screwed. Add as many layers as
you like, but the definition of *trusted* won't change and you'll have the same
core problem: something *trusted* is doing something *malicious*.
bq. how would the use of encryption work in a multi-tenant environment?
I don't understand, a cluster is a cluster regardless of the amount of tenants.
It sounds like you're describing something where multiple tenants would each
contribute nodes to the cluster, that is not supported.
bq. The standard practice of rolling encryption keys might be difficult as well
If the machine is trusted and compromised and wants to be malicious, it's game
over, rolling keys or not. I don't see any value in adding such complexity
given this.
bq. If a key becomes compromised then a receiving node will still honor a
sender's request because it doesn't attempt to do any verification that the
sender has the authority to performing the action it is requesting be executed.
Then the CA should issue a revocation for that key. SSL/TLS has these problems
solved.
> Restrict Cassandra cluster node joins to a list of named hosts
> --------------------------------------------------------------
>
> Key: CASSANDRA-2274
> URL: https://issues.apache.org/jira/browse/CASSANDRA-2274
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Affects Versions: 0.7.2
> Environment: All
> Reporter: Andrew Schiefelbein
>
> Because firewalls and employees are not infallible it would be nice to
> restrict the ability of any node to join a cluster to a list of named hosts
> in the configuration so that someone would be unable to start a node and
> replicate all the data locally. I understand that in order to do this the
> person must know the seed servers and the cluster name and to extract the
> data they will need a userid and password but another level of security would
> be to force them to execute any brute force attack from a locked down server
> instead of replicating all the data locally.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
