cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Schiefelbein (Commented) (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-2274) Restrict Cassandra cluster node joins to a list of named hosts
Date Mon, 24 Oct 2011 18:34:32 GMT


Andrew Schiefelbein commented on CASSANDRA-2274:

Though I agree that you could fix this particular problem by walling off the systems I don't
believe that is a very workable solution for larger environments where all you have is the
ability to log in as a named user to a system in the data center, and you do not have root
access and if you wish to setup firewalls the best that can said to you is good luck with
that.  The thing that I was pushing for in my original post was to have the ability to control
access without modification to a host system, or host network, and to be able to do this as
an enfeebled user and not a super one.  I agree with you that if this was available you would
do one or the other, doing both would cause no end of problems, but to have the ability to
control this as a normal user makes life easier for those of us who have to play nicely in
a very small sandbox.
> Restrict Cassandra cluster node joins to a list of named hosts
> --------------------------------------------------------------
>                 Key: CASSANDRA-2274
>                 URL:
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 0.7.2
>         Environment: All
>            Reporter: Andrew Schiefelbein
> Because firewalls and employees are not infallible it would be nice to restrict the ability
of any node to join a cluster to a list of named hosts in the configuration so that someone
would be unable to start a node and replicate all the data locally.  I understand that in
order to do this the person must know the seed servers and the cluster name and to extract
the data they will need a userid and password but another level of security would be to force
them to execute any brute force attack from a locked down server instead of replicating all
the data locally.  

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message