cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aleksey Yeschenko (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-5401) Pluggable security feature to prevent node from joining a cluster and running destructive commands
Date Fri, 05 Apr 2013 00:22:17 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-5401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13623111#comment-13623111
] 

Aleksey Yeschenko commented on CASSANDRA-5401:
----------------------------------------------

For the record, I still think this is really iptables' job.
                
> Pluggable security feature to prevent node from joining a cluster and running destructive
commands
> --------------------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-5401
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-5401
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Config, Core
>    Affects Versions: 1.1.10
>         Environment: Production
>            Reporter: Ahmed Bashir
>            Assignee: Aleksey Yeschenko
>            Priority: Trivial
>              Labels: configuration, security
>             Fix For: 1.2.4
>
>         Attachments: 5401.txt
>
>
> It's possible for a node to join an existing cluster (with perhaps more stringent security
restrictions i.e. not using AllowAllAuthentication) and issue destructive commands that affect
the cluster at large (e.g. drop keyspace via cassandra-cli, etc).  
> This can be circumvented with a pluggable security module that could be used to implement
basic node vetting/identification/etc.  

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message