cassandra-commits mailing list archives

From "Jason Brown (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-6018) Add option to encrypt commitlog
Date Sat, 01 Aug 2015 15:51:05 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-6018?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14650404#comment-14650404 ]

Jason Brown commented on CASSANDRA-6018:
----------------------------------------

Code diff for the branch is [here|https://github.com/apache/cassandra/compare/trunk...jasobrown:feature/jasobrown/tde-commit-log-2].
Some brief comments about the patch:

o.a.c.commitlog
- CommitLogDescriptor - write out some encryption fields to the header to allow future decryption.
Note: we write out the alias of the key used from the keystore when the log file is written,
that way, in case the key used for encryption changes, we still have a reference to something
that can decrypt the log file (as long as that key is still available, by the same name).
- pulled much of CompressedSegment up into a parent class (FileDirectSegment), which is also
subclassed by EncryptedSegment
- created SegmentReader, largely as a need to refactor the CommitLogReplayer code to allow
encryption. It allows iteration of the segments within the commit log file, and each individual


added some helper methods to ByteBufferUtil and ChannelProxy

tests: about 40% of this patch is tests. I refactored the existing CommitLogTest, and added
unit tests for both encrypted and compressed commit log variants.

> Add option to encrypt commitlog 
> --------------------------------
>
>                 Key: CASSANDRA-6018
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-6018
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Jason Brown
>            Assignee: Jason Brown
>              Labels: commit_log, encryption, security
>             Fix For: 3.x
>
>
> We are going to start using cassandra for a billing system, and while I can encrypt sstables
> at rest (via Datastax Enterprise), commit logs are more or less plain text. Thus, an attacker
> would be able to easily read, for example, credit card numbers in the clear text commit log
> (if the calling app does not encrypt the data itself before sending it to cassandra).
> I want to allow the option of encrypting the commit logs, most likely controlled by a
> property in the yaml.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
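
The key-alias-in-header idea from the comment above, as an added example that is not code from the patch or from Cassandra: each segment records the alias of the key that encrypted it, so segments written before a key rotation stay readable while that alias remains in the keystore. The class name, the header layout, the alias names and the in-memory map standing in for a keystore are all assumptions made for this sketch.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class AliasHeaderDemo {
    // Hypothetical stand-in for a keystore: alias -> key.
    static final Map<String, SecretKey> KEYS = new HashMap<>();

    // Constructed layout: [aliasLen:short][alias][iv:12 bytes][ciphertext + GCM tag]
    static byte[] writeSegment(String alias, byte[] plaintext) throws Exception {
        byte[] a = alias.getBytes(StandardCharsets.UTF_8);
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, KEYS.get(alias), new GCMParameterSpec(128, iv));
        c.updateAAD(a); // authenticate the alias so an edited header fails decryption
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(2 + a.length + iv.length + ct.length)
                .putShort((short) a.length).put(a).put(iv).put(ct).array();
    }

    static byte[] readSegment(byte[] segment) throws Exception {
        ByteBuffer in = ByteBuffer.wrap(segment);
        byte[] a = new byte[in.getShort()];
        in.get(a);
        String alias = new String(a, StandardCharsets.UTF_8);
        SecretKey key = KEYS.get(alias); // look up by the alias stored at write time
        if (key == null)
            throw new IllegalStateException("key alias '" + alias + "' not in keystore");
        byte[] iv = new byte[12];
        in.get(iv);
        byte[] ct = new byte[in.remaining()];
        in.get(ct);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(a);
        return c.doFinal(ct);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        KEYS.put("key-2015-07", kg.generateKey()); // constructed alias names
        byte[] old = writeSegment("key-2015-07", "mutation-1".getBytes(StandardCharsets.UTF_8));
        KEYS.put("key-2015-08", kg.generateKey()); // rotation: new segments use the new alias
        System.out.println(new String(readSegment(old), StandardCharsets.UTF_8));
        KEYS.remove("key-2015-07"); // old key retired while its segment still exists
        try { readSegment(old); } catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```

The second read fails because the old alias is gone, which is the "as long as that key is still available, by the same name" condition: a key can be retired only after every segment written under its alias has been replayed or discarded.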
