Jack, This document doesn't cover all the areas where user will need to get engaged in explicit mitigation, it only covers those, I wasn't sure about. But - you are making a good point here. Let me update the document with the rest of the gaps, so community would have a complete list here.
Thanks, Oleg On Thu, Feb 11, 2016 at 3:38 PM, Jack Krupansky <jack.krupan...@gmail.com> wrote: > Thanks! A useful contribution, no matter what the outcome. I trust your > ability to read of the doc, so I don't expect a lot of change to the > responses, but we'll see. At a minimum, it will probably be good to have > doc to highlight areas where users will need to engage in explicit > mitigation efforts if their infrastructure does not implicitly effect > mitigation for various security exposures. > > -- Jack Krupansky > > On Thu, Feb 11, 2016 at 3:21 PM, oleg yusim <olegyu...@gmail.com> wrote: > >> Robert, Jack, Bryan, >> >> As you suggested, I put together document, titled >> Cassandra_Security_Topics_to_Discuss, put it on Google Drive and shared it >> with everybody on this list. The document contains list of questions I have >> on Cassandra, my take on it, and has a place for notes Community would like >> to make on it. >> >> Please, review. Any help would be appreciated greatly. >> >> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM >> >> Oleg >> >> On Fri, Jan 29, 2016 at 6:30 PM, Bryan Cheng <br...@blockcypher.com> >> wrote: >> >>> To throw my (unsolicited) 2 cents into the ring, Oleg, you work for a >>> well-funded and fairly large company. You are certainly free to continue >>> using the list and asking for community support (I am definitely not in any >>> position to tell you otherwise, anyway), but that community support is by >>> definition ad-hoc and best effort. Furthermore, your questions range from >>> trivial to, as Jonathan as mentioned earlier, concepts that many of us have >>> no reason to consider at this time (perhaps your work will convince us >>> otherwise- but you'll need to finish it first ;) ) >>> >>> What I'm getting at here is that perhaps, if you need faster, deeper >>> level, and more elaborate support than this list can provide, you should >>> look into the services of a paid Cassandra support company like Datastax. >>> >>> On Fri, Jan 29, 2016 at 3:34 PM, Robert Coli <rc...@eventbrite.com> >>> wrote: >>> >>>> On Fri, Jan 29, 2016 at 3:12 PM, Jack Krupansky < >>>> jack.krupan...@gmail.com> wrote: >>>> >>>>> One last time, I'll simply renew my objection to the way you are >>>>> abusing this list. >>>>> >>>> >>>> FWIW, while I appreciate that OP (Oleg) is attempting to do a service >>>> for the community, I agree that the flood of single topic, context-lacking >>>> posts regarding deep internals of Cassandra is likely to inspire the >>>> opposite of a helpful response. >>>> >>>> This is important work, however, so hopefully we can collectively find >>>> a way through the meta and can discuss this topic without acrimony! :D >>>> >>>> =Rob >>>> >>>> >>> >>> >> >
