Re: [DISCUSS] CEP-20: Dynamic Data Masking

Is it typical for a masking feature to make no effort to prevent unmasking? I’m just struggling to see the value of this without such mechanisms. Otherwise it’s just a default formatter, and we should consider renaming the feature IMO > On 23 Aug 2022, at 21:27, Andrés de la Peña wrote: > > 

Re: [DISCUSS] CEP-20: Dynamic Data Masking

This seems to me to be a client display filter, applied at the last moment as data are streaming back to the client. It has no impact on any keys, queries or secondary internal index or materialized view. It simply prevents the display from showing the complete value. It does not preclude determ

Re: [DISCUSS] CEP-20: Dynamic Data Masking

> > Is it typical for a masking feature to make no effort to prevent > unmasking? I’m just struggling to see the value of this without such > mechanisms. Otherwise it’s just a default formatter, and we should consider > renaming the feature IMO The security that Dynamic Data Masking is bringing i

Re: [DISCUSS] CEP-20: Dynamic Data Masking

The PCI DSS Standard v4_0 requires that credit card numbers stored on the system must be "rendered unreadable", thus this proposal is _NOT_ a good way to protect credit card numbers. In fact, for any critically sensiti

Re: [DISCUSS] CEP-20: Dynamic Data Masking

This change appears to be looking at two aspects: 1. Add metadata to columns 2. Add functionality based on the metadata. If the system had a generic user defined metadata and the ability to define filter functions at the point where data are being returned to the client it would be possible

Re: [DISCUSS] CEP-20: Dynamic Data Masking

> > The PCI DSS Standard v4_0 > > requires > that credit card numbers stored on the system must be "rendered > unreadable", thus this proposal is _NOT_ a good way to protect credit card > numbers. My point was simply

Re: [DISCUSS] CEP-21: Transactional Cluster Metadata

Should (**) It may seem counterintuitive, that A is being written to even after > we've stopped reading from it. This is done in order to guarantee that by > the time we stop writing to the node giving up the range, there is no > coordinator that may attempt reading from it without learning about

Re: [DISCUSS] CEP-20: Dynamic Data Masking

Right, but we get to decide how we offer such features and what we call them. I can’t imagine a good reason to call this a masking feature, especially one that applies differentially to certain users, when it is trivial to unmask. I’m ok offering a feature called “default formatter” or something

Re: [DISCUSS] CEP-20: Dynamic Data Masking

> > Is it typical for a masking feature to make no effort to prevent > unmasking? I’m just struggling to see the value of this without such > mechanisms. Otherwise it’s just a default formatter, and we should consider > renaming the feature IMO I'd say it's a pretty standard feature. There are tw

Re: [DISCUSS] CEP-20: Dynamic Data Masking

Here are the names of the feature on same databases out there, errors and omission excepted: - Microsoft SQL Server / Azure SQL: Dynamic data masking - MySQL: Enterprise data masking and de-identification - PostgreSQL: Dynamic masking - MongoDB: Data masking - IBM Db2: Masks - Or

Re: [DISCUSS] CEP-21: Transactional Cluster Metadata

Good catch, I'll update the doc. Thanks, Sam > On 24 Aug 2022, at 10:24, Claude Warren, Jr via dev > wrote: > > Should > > (**) It may seem counterintuitive, that A is being written to even after > we've stopped reading from it. This is done in order to guarantee that by the > time we sto

unsubscribe

Regards, Arpit Joshi

Re: unsubscribe

Sorry to see you go. If you'd like to unsubscribe from the dev ML, please email dev-unsubscr...@cassandra.apache.org. Cheers! On Wed, 24 Aug 2022 at 23:01, Arpit J wrote: > > Regards, > Arpit Joshi > >

Re: [DISCUSS] CEP-20: Dynamic Data Masking

I can’t tell for sure, but the documentation on Postgres’ feature suggests to me that it does apply the masking to all possible uses of the data, including joining and querying. Snowflake’s documentation explicitly says that it does. MySQL’s documentation suggests that it does this. Oracle, AW

Re: [DISCUSS] CEP-20: Dynamic Data Masking

Where does MySQL suggest that? As far I can tell MySQL only offers a set of functions for masking. I can't see a way to force users or tables to use those functions, and is up to the users to use those functions or not. I'm reading this documentation

Re: [DISCUSS] CEP-20: Dynamic Data Masking

The MySQL feature is not equivalent to this proposal, it simply offers new transformation functions that implement this functionality, so it is up to the application to apply these functions to its own selects or, as most examples seem to use, to create a view on the data that applies the functi

Re: [DISCUSS] CEP-20: Dynamic Data Masking

This is the difference between security and compliance I guess :-D The way I see this, the attacker or threat in this concept is not the developer with access to the database. Rather a feature like this is just a convenient way to apply some masking rule in a centralized way. The protection is aga

[DISCUSS] Join OpenJDK Quality Outreach program

Hi everyone, Some time ago I started ML thread [1] around Java 17 support. I mentioned there joining the OpenJDK Quality Outreach program[2]. I can go ahead and do it now if no one is against it, the contact can be just our dev-mailing list I guess. In other news...I am back to CASSANDRA-16895, ope

[Marketing] For Review: Performance Benchmarking of Apache Cassandra in the Cloud

Here is Part 1 in a series of 3 on performance benchmarking in Apache Cassandra by Daniel Seybold: https://docs.google.com/document/d/1eMFYEOp8lNxZCYelYCWj6jXZ-VaJGNbl2YE3jLWRdOA/edit?usp=sharing We are opening this up for 72-hour community review. Please add your amends in the comments—thanks ver