Re: [DISCUSS] CEP-20: Dynamic Data Masking

As mentioned in the CEP document, dynamic data masking doesn't try to prevent malicious users with SELECT permissions to indirectly guess the real value of the masked value. This can easily be done by just trying values on the WHERE clause of SELECT queries. DDM would not be a replacement for prope

Re: [DISCUSS] CEP-20: Dynamic Data Masking

> > Applying this should prevent querying on a field, else you could leak its > contents, surely? > In theory, yes. Although I could see folks doing something like this: SELECT COUNT(*) FROM patients WHERE year_of_birth = 2002 AND date_of_birth >= '2002-04-01' AND date_of_birth < '2002-11-01';

Re: [DISCUSS] CEP-21: Transactional Cluster Metadata

I just want to say I’m really excited about this work. It’s one of the last > remaining major inadequacies of the project that makes it hard for people > to deploy, and hard for us to develop. > > Second this. And what a solid write up Sam - it's a real joy reading this CEP.

Re: [DISCUSS] CEP-20: Dynamic Data Masking

Agreed on not being a queryable field. That would also preclude secondary indexing, right? On Tue, Aug 23, 2022 at 11:20 AM Benedict wrote: > Applying this should prevent querying on a field, else you could leak its > contents, surely? This pretty much prohibits using it in a clustering key, > a

Re: [DISCUSS] CEP-20: Dynamic Data Masking

Applying this should prevent querying on a field, else you could leak its contents, surely? This pretty much prohibits using it in a clustering key, and a partition key with the ordered partitioner - but probably also a hashed partitioner since we do not use a cryptographic hash and the hash fun

Re: [DISCUSS] CEP-20: Dynamic Data Masking

Some thoughts on this one: In a prior job, we'd give app teams access to a single keyspace, and two roles: a read-write role and a read-only role. In some cases, a "privileged" application role was also requested. Depending on the requirements, I could see the UNMASK permission being applied to

Re: [DISCUSS] CEP-21: Transactional Cluster Metadata

On Tue, Aug 23, 2022 at 2:51 AM Sam Tunnicliffe wrote: > > Regular read/write operations should not be halted, even by a total > failure of the metadata service. There should be no situations where the a > previously stable database becomes entirely unavailable due to a CMS > failure. The worst c

Re: [VOTE] Release Apache Cassandra 4.0.6

+1 On 23/8/22 14:50, Ekaterina Dimitrova wrote: +1(nb) On Tue, 23 Aug 2022 at 8:49, Josh McKenzie wrote: +1 On Tue, Aug 23, 2022, at 6:47 AM, Benjamin Lerer wrote: +1 Le mar. 23 août 2022 à 11:30, Andrés de la Peña a écrit : +1 (nb) On Tue, 23 Aug 202

Re: [VOTE] Release Apache Cassandra 4.0.6

+1(nb) On Tue, 23 Aug 2022 at 8:49, Josh McKenzie wrote: > +1 > > On Tue, Aug 23, 2022, at 6:47 AM, Benjamin Lerer wrote: > > +1 > > Le mar. 23 août 2022 à 11:30, Andrés de la Peña > a écrit : > > +1 (nb) > > On Tue, 23 Aug 2022 at 06:14, Tommy Stendahl via dev < > dev@cassandra.apache.org> wrot

Re: [VOTE] Release Apache Cassandra 4.0.6

+1 On Tue, Aug 23, 2022, at 6:47 AM, Benjamin Lerer wrote: > +1 > > Le mar. 23 août 2022 à 11:30, Andrés de la Peña a > écrit : >> +1 (nb) >> >> On Tue, 23 Aug 2022 at 06:14, Tommy Stendahl via dev >> wrote: >>> +1 nb >>> >>> -Original Message- >>> *From*: Brandon Williams >>

Re: [DISCUSS] CEP-20: Dynamic Data Masking

On Tue, Aug 23, 2022 at 1:10 PM Andrés de la Peña wrote: > One thought: The way the CEP is currently written, it is only possible to >> mask a column one way. You can only define one masking function for a >> column, and since you use the original column name, you could only return >> one version

Re: [VOTE] Release Apache Cassandra 4.0.6

+1 Le mar. 23 août 2022 à 11:30, Andrés de la Peña a écrit : > +1 (nb) > > On Tue, 23 Aug 2022 at 06:14, Tommy Stendahl via dev < > dev@cassandra.apache.org> wrote: > >> +1 nb >> >> -Original Message- >> *From*: Brandon Williams > > >> *Reply-To*: dev@cassandra.apache.org >> *To*: dev >

Re: [DISCUSS] CEP-20: Dynamic Data Masking

> > One thought: The way the CEP is currently written, it is only possible to > mask a column one way. You can only define one masking function for a > column, and since you use the original column name, you could only return > one version of it in the result set, even if you had a way to define >

Re: [Marketing] For Review: Learn How CommitLog Works in Apache Cassandra

Hi Chris I've added a few comments and suggestions. Please feel free to use /ignore whichever ones you think :-) Thanks Sharan On 2022/08/23 00:08:52 Chris Thornett wrote: > Opening up Alex Sorokoumov's guide 'Learn How CommitLog Works in Apache > Cassandra' for a 72-hr community review by lazy

Re: [VOTE] Release Apache Cassandra 4.0.6

+1 (nb) On Tue, 23 Aug 2022 at 06:14, Tommy Stendahl via dev < dev@cassandra.apache.org> wrote: > +1 nb > > -Original Message- > *From*: Brandon Williams > > *Reply-To*: dev@cassandra.apache.org > *To*: dev > > > *Subject*: Re: [VOTE] Release Apache Cassandra 4.0.6 > *Date*: Mon, 22 Aug

Cassandra Day Berlin, September 20th

Hello, Cassandra community! The next Cassandra Day event will be an in-person, one-day event which will take place in the German capital on Tuesday, 20 September 2022, hosted and organized by DataStax. Cassandra Days focus on the open source Apache Cassandra project and the community that support

Re: [DISCUSS] CEP-21: Transactional Cluster Metadata

> What do you expect this to look like in practice? JSON representation of the > ring? Would reads and writes have halted? In what situations would the > database be entirely unavailable? The format is pretty much TDB I'm afraid. A JSON representation, or one in an equivalent textual format, i

Re: [DISCUSS] CEP-21: Transactional Cluster Metadata

Thanks! The core of the proposal is around the sequencing metadata changes and ensuring that they're delivered to/processed by nodes in the right order and at the right time. The actual mechanisms for imposing that order and for maintaining the log are pretty simple to implement. We envision us