OK, thanks for getting me going in the right direction. I imagine most people would store password and tokenized authentication information in a single table, using the username (e.g. email address) as the key?
On Dec 11, 2013, at 10:44 PM, Janne Jalkanen <janne.jalka...@ecyrd.com> wrote: > > Hi! > > You're right, this isn't really Cassandra-specific. Most languages/web > frameworks have their own way of doing user authentication, and then you just > typically write a plugin that just stores whatever data the system needs in > Cassandra. > > For example, if you're using Java (or Scala or Groovy or anything else > JVM-based), Apache Shiro is a good way of doing user authentication and > authorization. http://shiro.apache.org/. Just implement a custom Realm for > Cassandra and you should be set. > > /Janne > > On Dec 12, 2013, at 05:31 , onlinespending <onlinespend...@gmail.com> wrote: > >> Hi, >> >> I’m using Cassandra in an environment where many users can login to use an >> application I’m developing. I’m curious if anyone has any advice or links to >> documentation / blogs where it discusses common implementations or best >> practices for user and password authentication. My cursory search online >> didn’t bring much up on the subject. I suppose the information needn’t even >> be specific to Cassandra. >> >> I imagine a few basic steps will be as follows: >> >> user types in username (e.g. email address) and password >> this is verified against a table storing username and passwords (encrypted >> in some way) >> a token is return to the app / web browser to allow further transactions >> using secure token (e.g. cookie) >> >> Obviously I’m only scratching the surface and it’s the detail and best >> practices of implementing this user / password authentication that I’m >> curious about. >> >> Thank you, >> Ben >> >> >
