Re: user / password authentication advice
You could use CassandraAuthorizer and PasswordAuthenticator which ship with Cassandra. See this article[1] for a good overview.

[1] http://www.datastax.com/dev/blog/a-quick-tour-of-internal-authentication-and-authorization-security-in-datastax-enterprise-and-apache-cassandra

On Thursday, December 12, 2013, onlinespending wrote:

> OK, thanks for getting me going in the right direction. I imagine most
> people would store password and tokenized authentication information in a
> single table, using the username (e.g. email address) as the key?
>
>
> On Dec 11, 2013, at 10:44 PM, Janne Jalkanen wrote:
>
>
> Hi!
>
> You're right, this isn't really Cassandra-specific. Most languages/web
> frameworks have their own way of doing user authentication, and then you
> just typically write a plugin that just stores whatever data the system
> needs in Cassandra.
>
> For example, if you're using Java (or Scala or Groovy or anything else
> JVM-based), Apache Shiro is a good way of doing user authentication and
> authorization. http://shiro.apache.org/. Just implement a custom Realm
> for Cassandra and you should be set.
>
> /Janne
>
> On Dec 12, 2013, at 05:31 , onlinespending wrote:
>
> Hi,
>
> I’m using Cassandra in an environment where many users can login to use an
> application I’m developing. I’m curious if anyone has any advice or links
> to documentation / blogs where it discusses common implementations or best
> practices for user and password authentication. My cursory search online
> didn’t bring much up on the subject. I suppose the information needn’t even
> be specific to Cassandra.
>
> I imagine a few basic steps will be as follows:
>
>
> - user types in username (e.g. email address) and password
> - this is verified against a table storing username and passwords
>   (encrypted in some way)
> - a token is returned to the app / web browser to allow further
>   transactions using secure token (e.g. cookie)
>
>
> Obviously I’m only scratching the surface and it’s the detail and best
> practices of implementing this user / password authentication that I’m
> curious about.
>
> Thank you,
> Ben
>

--
- John
Re: user / password authentication advice
OK, thanks for getting me going in the right direction. I imagine most people would store password and tokenized authentication information in a single table, using the username (e.g. email address) as the key?

On Dec 11, 2013, at 10:44 PM, Janne Jalkanen wrote:

>
> Hi!
>
> You're right, this isn't really Cassandra-specific. Most languages/web
> frameworks have their own way of doing user authentication, and then you just
> typically write a plugin that just stores whatever data the system needs in
> Cassandra.
>
> For example, if you're using Java (or Scala or Groovy or anything else
> JVM-based), Apache Shiro is a good way of doing user authentication and
> authorization. http://shiro.apache.org/. Just implement a custom Realm for
> Cassandra and you should be set.
>
> /Janne
>
> On Dec 12, 2013, at 05:31 , onlinespending wrote:
>
>> Hi,
>>
>> I’m using Cassandra in an environment where many users can login to use an
>> application I’m developing. I’m curious if anyone has any advice or links to
>> documentation / blogs where it discusses common implementations or best
>> practices for user and password authentication. My cursory search online
>> didn’t bring much up on the subject. I suppose the information needn’t even
>> be specific to Cassandra.
>>
>> I imagine a few basic steps will be as follows:
>>
>> user types in username (e.g. email address) and password
>> this is verified against a table storing username and passwords (encrypted
>> in some way)
>> a token is returned to the app / web browser to allow further transactions
>> using secure token (e.g. cookie)
>>
>> Obviously I’m only scratching the surface and it’s the detail and best
>> practices of implementing this user / password authentication that I’m
>> curious about.
>>
>> Thank you,
>> Ben
>>
Re: user / password authentication advice
Hi!

You're right, this isn't really Cassandra-specific. Most languages/web frameworks have their own way of doing user authentication, and then you just typically write a plugin that just stores whatever data the system needs in Cassandra.

For example, if you're using Java (or Scala or Groovy or anything else JVM-based), Apache Shiro is a good way of doing user authentication and authorization. http://shiro.apache.org/. Just implement a custom Realm for Cassandra and you should be set.

/Janne

On Dec 12, 2013, at 05:31 , onlinespending wrote:

> Hi,
>
> I’m using Cassandra in an environment where many users can login to use an
> application I’m developing. I’m curious if anyone has any advice or links to
> documentation / blogs where it discusses common implementations or best
> practices for user and password authentication. My cursory search online
> didn’t bring much up on the subject. I suppose the information needn’t even
> be specific to Cassandra.
>
> I imagine a few basic steps will be as follows:
>
> user types in username (e.g. email address) and password
> this is verified against a table storing username and passwords (encrypted in
> some way)
> a token is returned to the app / web browser to allow further transactions
> using secure token (e.g. cookie)
>
> Obviously I’m only scratching the surface and it’s the detail and best
> practices of implementing this user / password authentication that I’m
> curious about.
>
> Thank you,
> Ben
>
Re: user / password authentication advice
Not sure if you are asking about the authentication & authorisation in Cassandra or how to implement the same using Cassandra.

Info on the Cassandra authentication and authorisation is here:
http://www.datastax.com/documentation/cassandra/2.0/webhelp/index.html#cassandra/security/securityTOC.html

Hope that helps.

- Aaron Morton
New Zealand
@aaronmorton

Co-Founder & Principal Consultant
Apache Cassandra Consulting
http://www.thelastpickle.com

On 12/12/2013, at 4:31 pm, onlinespending wrote:

> Hi,
>
> I’m using Cassandra in an environment where many users can login to use an
> application I’m developing. I’m curious if anyone has any advice or links to
> documentation / blogs where it discusses common implementations or best
> practices for user and password authentication. My cursory search online
> didn’t bring much up on the subject. I suppose the information needn’t even
> be specific to Cassandra.
>
> I imagine a few basic steps will be as follows:
>
> user types in username (e.g. email address) and password
> this is verified against a table storing username and passwords (encrypted in
> some way)
> a token is returned to the app / web browser to allow further transactions
> using secure token (e.g. cookie)
>
> Obviously I’m only scratching the surface and it’s the detail and best
> practices of implementing this user / password authentication that I’m
> curious about.
>
> Thank you,
> Ben
>
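
The login flow sketched in this thread's original question (check the password against a stored record, then hand back a token), as an added example that is not part of any message in the thread. Two in-memory dicts stand in for Cassandra tables; the two-table layout, the PBKDF2 parameters and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

# Constructed stand-ins for two Cassandra tables (assumed layout, not from the thread):
#   USERS:    key = username           -> salt, iterations, password hash
#   SESSIONS: key = SHA-256 of token   -> username, expiry
USERS, SESSIONS = {}, {}
ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (assumed value)
SESSION_TTL = 3600     # session lifetime in seconds (assumed value)

def _kdf(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def token_key(token):
    # Only a hash of the token is stored, so a leaked table yields no usable tokens.
    return hashlib.sha256(token.encode("utf-8")).digest()

# Decoy record checked when the username is unknown, so both paths do the same work.
_DECOY_SALT = secrets.token_bytes(16)
_DECOY_HASH = _kdf(secrets.token_hex(16), _DECOY_SALT, ITERATIONS)

def register(username, password):
    salt = secrets.token_bytes(16)  # fresh random salt per user
    USERS[username.lower()] = {"salt": salt, "iter": ITERATIONS,
                               "hash": _kdf(password, salt, ITERATIONS)}

def login(username, password, now=None):
    """Return a new session token for valid credentials, otherwise None."""
    now = time.time() if now is None else now
    row = USERS.get(username.lower())
    salt, iters, stored = ((row["salt"], row["iter"], row["hash"]) if row
                           else (_DECOY_SALT, ITERATIONS, _DECOY_HASH))
    matches = hmac.compare_digest(_kdf(password, salt, iters), stored)
    if row is None or not matches:
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    SESSIONS[token_key(token)] = {"user": username.lower(), "expires": now + SESSION_TTL}
    return token

def authenticate(token, now=None):
    """Return the username bound to a live token, otherwise None."""
    now = time.time() if now is None else now
    row = SESSIONS.get(token_key(token))
    if row is None or row["expires"] <= now:
        SESSIONS.pop(token_key(token), None)  # drop expired rows (a CQL TTL would do this)
        return None
    return row["user"]

def logout(token):
    SESSIONS.pop(token_key(token), None)
```

Keying the session table by the token hash rather than by username lets each request be validated with a single-key read, and lets one user hold several sessions at once.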