Performance-wise, I think it would be better to just let the client encrypt sensitive data before storing it, versus encrypting all traffic all the time. If individual values are encrypted, then they don't have to be encrypted/decrypted during transit between nodes during the initial updates as well as during the commissioning of a new node or other times.

A drawback, however, is now you have to manage one or more keys for the lifetime of the data. It will also complicate your data view interfaces. However, if Cassandra had data encryption built-in somehow, that would solve this problem... just thinking out loud.

Can anyone think of other pros/cons of both strategies?

On 3/22/2011 2:21 AM, Sasha Dolgy wrote:
Hi,

Is there documentation available anywhere that describes how one can
use org.apache.cassandra.security.streaming.* ?   After the EC2 posts
yesterday, one question I was asked was about the security of data
being shifted between nodes.  Is it done in clear text, or
encrypted..?  I haven't seen anything to suggest that it's encrypted,
but see in the source that security.streaming does leverage SSL ...

Thanks in advance for some pointers to documentation.

Also, for anyone who is using SSL .. how much of a performance impact
have you noticed?  Is it minimal or significant?
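
The per-value encryption discussed in the reply above, sketched as an added example (not code from this thread or from Cassandra). The class `ValueCrypto`, the stored byte layout and the choice of AES-GCM are assumptions made for illustration; the key id stored with each value is what lets old data stay readable after a key rotation, which is the key-lifetime cost the reply mentions.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

// Hypothetical client-side helper (added example): encrypts one column value before it is written.
public class ValueCrypto {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final Map<Integer, SecretKey> keys = new HashMap<>(); // key id -> key; stand-in for a real key store
    private int currentKeyId;
    public void addKey(int keyId, SecretKey key) { keys.put(keyId, key); currentKeyId = keyId; }

    // Stored layout (assumed): [4-byte key id][12-byte IV][ciphertext + GCM tag]
    public byte[] encrypt(byte[] rowKey, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh IV for every value
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, keys.get(currentKeyId), new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(rowKey); // binds the value to its row so it cannot be copied to another row
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(4 + IV_LEN + ct.length).putInt(currentKeyId).put(iv).put(ct).array();
    }

    public byte[] decrypt(byte[] rowKey, byte[] stored) throws Exception {
        ByteBuffer buf = ByteBuffer.wrap(stored);
        SecretKey key = keys.get(buf.getInt());
        if (key == null) throw new IllegalStateException("key retired while stored data still references it");
        byte[] iv = new byte[IV_LEN];
        buf.get(iv);
        byte[] ct = new byte[buf.remaining()];
        buf.get(ct);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(rowKey);
        return c.doFinal(ct); // throws AEADBadTagException if the value was altered or moved
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        ValueCrypto vc = new ValueCrypto();
        vc.addKey(1, kg.generateKey());
        byte[] row = "user:42".getBytes(StandardCharsets.UTF_8); // constructed sample row key
        byte[] old = vc.encrypt(row, "constructed-secret".getBytes(StandardCharsets.UTF_8));
        vc.addKey(2, kg.generateKey()); // rotation: new writes use key 2, key 1 must be kept for old values
        System.out.println(new String(vc.decrypt(row, old), StandardCharsets.UTF_8));
    }
}
```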

