cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Podkowinski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-10724) Allow option to only encrypt username/password transfer, not data
Date Tue, 16 Feb 2016 14:36:18 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-10724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15148668#comment-15148668
] 

Stefan Podkowinski commented on CASSANDRA-10724:
------------------------------------------------

Username/password authentication is only taking place for client-to-node communication at
the beginning of _each_ connection using SASL over an unencrypted or TLS secured connection.
In case of TLS, all further data will be send encrypted afterwards. I'm not aware of any ways
to downgrade the TLS connection to plaintext after authentication, if that's what you're suggesting.
Can you elaborate why you need to make sure to protect the user credentials, but would be
fine by sending all actual data unencrypted?

> Allow option to only encrypt username/password transfer, not data
> -----------------------------------------------------------------
>
>                 Key: CASSANDRA-10724
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-10724
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Thom Valley
>            Priority: Minor
>
> Turning on SSL for both client->node and node->node connections is a resource intensive
(expensive) operation.
> Being able to only encrypt the username/password when passed (or looked up) as an option
would greatly reduce the encryption / decryption overhead created by turning on SSL for all
traffic.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message