cassandra-commits mailing list archives

From "David Allsopp (Commented) (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-2274) Restrict Cassandra cluster node joins to a list of named hosts
Date Fri, 11 Nov 2011 15:36:51 GMT


David Allsopp commented on CASSANDRA-2274:

Just a thought - I don't know what the overhead is with encryption enabled, but if this is
a major issue, then presumably encryption could be enabled with a cipher suite that doesn't
actually _encrypt_, thus providing just data _integrity_ (MD5/SHA checksum) or even a 'null'
encryption algorithm? I assume (!) that this would provide authentication via the certificates,
without the encryption overhead.

Listing the supported suites using SSLContext.getServerSocketFactory().getSupportedCipherSuites()
includes SSL_RSA_WITH_NULL_MD5 and SSL_RSA_WITH_NULL_SHA - which are suites used for integrity
only (checksum).

> Restrict Cassandra cluster node joins to a list of named hosts
> --------------------------------------------------------------
>                 Key: CASSANDRA-2274
>                 URL:
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 0.7.2
>         Environment: All
>            Reporter: Andrew Schiefelbein
>
> Because firewalls and employees are not infallible it would be nice to restrict the ability
> of any node to join a cluster to a list of named hosts in the configuration so that someone
> would be unable to start a node and replicate all the data locally.  I understand that in
> order to do this the person must know the seed servers and the cluster name and to extract
> the data they will need a userid and password but another level of security would be to force
> them to execute any brute force attack from a locked down server instead of replicating all
> the data locally.

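Added example, not part of the original message or of the Cassandra code base: a small JSSE audit that lists the suites returned by getSupportedCipherSuites() and marks which are integrity-only (NULL cipher) and which are anonymous, since an anonymous suite would give up the certificate authentication the comment relies on. The class name CipherSuiteAudit and its helpers are hypothetical, classification assumes the standard JSSE suite naming, and the sample names in main() other than the two quoted in the message are constructed.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class CipherSuiteAudit {

    /** Anonymous key exchange: no certificate is presented, so the peer is not authenticated. */
    static boolean isAnonymous(String suite) {
        return suite.contains("_anon_");
    }

    /** NULL bulk cipher: records carry a MAC (MD5/SHA) but the payload is sent in cleartext. */
    static boolean isNullEncryption(String suite) {
        return suite.contains("_WITH_NULL_");
    }

    static String classify(String suite) {
        if (suite.equals("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) {
            return "signalling value, not a cipher suite";
        }
        if (isAnonymous(suite)) {
            return isNullEncryption(suite) ? "no authentication, no encryption"
                                           : "encrypted, no authentication";
        }
        return isNullEncryption(suite) ? "authenticated, integrity only"
                                       : "authenticated and encrypted";
    }

    public static void main(String[] args) throws Exception {
        SSLServerSocketFactory factory = SSLContext.getDefault().getServerSocketFactory();
        // Suites in the default list are negotiated without any extra configuration.
        Set<String> enabled = new HashSet<>(Arrays.asList(factory.getDefaultCipherSuites()));

        System.out.println("Suites supported by this runtime:");
        for (String suite : factory.getSupportedCipherSuites()) {
            String state = enabled.contains(suite) ? "default" : "opt-in";
            System.out.printf("  %-48s %-8s %s%n", suite, state, classify(suite));
        }

        // The two names quoted in the message, plus two constructed samples for contrast.
        String[] samples = { "SSL_RSA_WITH_NULL_MD5", "SSL_RSA_WITH_NULL_SHA",
                             "TLS_DH_anon_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA" };
        System.out.println("Sample names:");
        for (String suite : samples) {
            System.out.printf("  %-48s %s%n", suite, classify(suite));
        }
    }
}
```

Which suites the first listing contains depends on the JDK version and its security configuration, so the NULL suites may be absent on a given runtime.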