Also -- it looks like you're really asking questions about session timeouts and security labels as they associate, would be more helpful to keep in one thread. :)
On Friday, January 29, 2016, Dani Traphagen <dani.trapha...@datastax.com> wrote: > Hi Oleg, > > I understand your frustration but unfortunately, in the terms of your > security assessment, you have fallen into a mismatch for Cassandra's > utility. > > The eventuality of having multiple sockets open without the query input > for long durations of time isn't something that was > architected...because...Cassnadra was built to take massive quantities > of queries both in volume and velocity. > > Your expectation of the database isn't in line with how our why it was > designed. Generally, security solutions are architected > around Cassandra, baked into the data model, many solutions > are home-brewed, written into the application or provided by using another > security client. > > DSE has different security aspects rolling out in the next release > as addressed earlier by Jack, like commit log and hint encryptions, as well > as, unified authentication...but secuirty labels aren't on anyone's radar > as a pressing "need." It's not something I've heard about as a > priority before anyway. > > Hope this helps! > > Cheers, > Dani > > On Friday, January 29, 2016, oleg yusim <olegyu...@gmail.com> wrote: > >> Jack, >> >> Thanks for your suggestion. I'm familiar with Cassandra documentation, >> and I'm aware of differences between DSE and Cassandra. >> >> Questions I ask here are those, I found no mention about in >> documentation. Let's take security labels for instance. Cassandra >> documentation is completely silent on this regard and so is Google. I >> assume, based on it, Cassandra doesn't support it. But I can't create >> federal compliance security document for Cassandra basing it of my >> assumptions and lack of information solely. That is where my questions stem >> from. >> >> Thanks, >> >> Oleg >> >> On Fri, Jan 29, 2016 at 10:17 AM, Jack Krupansky < >> jack.krupan...@gmail.com> wrote: >> >>> To answer any future questions along these same lines, I suggest that >>> you start by simply searching the doc and search the github repo for the >>> source code for the relevant keywords. That will give you the definitive >>> answers quickly. If something is missing, feel free to propose that it be >>> added (if you really need it). And feel free to confirm here if a quick >>> search doesn't give you a solid answer. >>> >>> Here's the root page for security in the Cassandra doc: >>> >>> https://docs.datastax.com/en/cassandra/3.x/cassandra/configuration/secureTOC.html >>> >>> Also note that on questions of security, DataStax Enterprise may have >>> different answers than pure open source Cassandra. >>> >>> -- Jack Krupansky >>> >>> On Thu, Jan 28, 2016 at 8:37 PM, oleg yusim <olegyu...@gmail.com> wrote: >>> >>>> Patrick, >>>> >>>> Absolutely. Security label is mechanism of access control, utilized by >>>> MAC (mandatory access control) model, and not utilized by DAC >>>> (discretionary access control) model, we all are used to. In database >>>> content it is illustrated for instance here: >>>> http://www.postgresql.org/docs/current/static/sql-security-label.html >>>> >>>> Now, as per my goals, I'm making a security assessment for Cassandra DB >>>> with a goal to produce STIG on this product. That is one of the parameters >>>> in database SRG I have to assess against. >>>> >>>> Thanks, >>>> >>>> Oleg >>>> >>>> >>>> On Thu, Jan 28, 2016 at 6:32 PM, Patrick McFadin <pmcfa...@gmail.com> >>>> wrote: >>>> >>>>> Cassandra has support for authentication security, but I'm not >>>>> familiar with a security label. Can you describe what you want to do? >>>>> >>>>> Patrick >>>>> >>>>> On Thu, Jan 28, 2016 at 2:26 PM, oleg yusim <olegyu...@gmail.com> >>>>> wrote: >>>>> >>>>>> Greetings, >>>>>> >>>>>> Does Cassandra support security label concept? If so, where can I >>>>>> read on how it should be applied? >>>>>> >>>>>> Thanks, >>>>>> >>>>>> Oleg >>>>>> >>>>> >>>>> >>>> >>> >> > > -- > Sent from mobile -- apologizes for brevity or errors. > -- Sent from mobile -- apologizes for brevity or errors.
