cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Per Otterström (JIRA) <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-13404) Hostname verification for client-to-node encryption
Date Fri, 22 Sep 2017 06:23:00 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-13404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16175980#comment-16175980
] 

Per Otterström commented on CASSANDRA-13404:
--------------------------------------------

That is an interesting approach. A bit overkill for this small change in itself. And if we
argue that the "require_endpoint_verification" option easily could get misunderstood or misconfigured,
then I think this will present far more opportunities to get it wrong.

Then again, making this pluggable would be very powerful and I can think of a few useful ways
to use that. On the downside, this approach will not encourage users to provide security improvements
to the community, but instead keep that in their own custom plugins.

I'm willing to work out an example on how such a plugin API could look. Unless someone else
was planning to grab this task of course?

> Hostname verification for client-to-node encryption
> ---------------------------------------------------
>
>                 Key: CASSANDRA-13404
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13404
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Jan Karlsson
>            Assignee: Jan Karlsson
>             Fix For: 4.x
>
>         Attachments: 13404-trunk.txt
>
>
> Similarily to CASSANDRA-9220, Cassandra should support hostname verification for client-node
connections.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org


Mime
View raw message