[jira] [Commented] (CASSANDRA-2274) Restrict Cassandra cluster node joins to a list of named hosts

Tue, 08 Nov 2011 03:43:16 -0800 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13146228#comment-13146228
 ] 

David Allsopp commented on CASSANDRA-2274:
------------------------------------------

One thing that should at least be emphasized in documentation is that the 
security is a bit all-or-nothing.  With encryption enabled I expect the 
security to be solid (though I haven't investigated in detail yet - I'm unsure 
how easy this is to administer, or what the performance implications are).

However, on an unencrypted cluster users may currently have a false sense of 
security - Thrift authentication can be enabled, but since the underlying 
inter-node messages are unauthenticated, I think an attacker can do what they 
like if they have access to the network. Iptables is therefore very important 
if you don't have complete control over who can access your local network. Even 
then, Thrift authentication can still be largely bypassed by anyone who has 
access to any node not blocked by iptables (i.e. any operational cluster node).
                
> Restrict Cassandra cluster node joins to a list of named hosts
> --------------------------------------------------------------
>
>                 Key: CASSANDRA-2274
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-2274
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 0.7.2
>         Environment: All
>            Reporter: Andrew Schiefelbein
>
> Because firewalls and employees are not infallible it would be nice to 
> restrict the ability of any node to join a cluster to a list of named hosts 
> in the configuration so that someone would be unable to start a node and 
> replicate all the data locally.  I understand that in order to do this the 
> person must know the seed servers and the cluster name and to extract the 
> data they will need a userid and password but another level of security would 
> be to force them to execute any brute force attack from a locked down server 
> instead of replicating all the data locally.  

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to