cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thorsten von Eicken <>
Subject Re: bandwidth limiting Cassandra's replication and access control
Date Thu, 12 Nov 2009 07:32:13 GMT
A simple per keyspace authentication is a much needed feature for 
cassandra. This has little to do with "exposed to the outside world". 
The ACL on a cassandra server needs to give thrift access to clients, 
such as application servers. Without any authentication anyone having 
access to any server that can access the cassandra cluster has access to 
all data on the cluster. That's bad.
The authentication allows the admin to reduce exposure such that the 
compromise of one client server only affects the keyspace to which the 
client has access. If you do things well and don't store the password on 
the app server disk you can even protect the data accessed by the app 
server from (all but the most sophisticated) intruders onto the app 
server machines themselves. All this falls under the "defense in depth" 

Joe Stump wrote:
> On Nov 11, 2009, at 3:29 PM, Alexander Vushkan wrote:
>> ...but authentication support would be nice to have...
> I'll continue to object to this. If you're considering running 
> Cassandra (or MySQL or Reddis or Memcache or MemcacheDB or ...) on an 
> open network Ur Doin' It Wrong. This is what VPN's were created for. 
> Nobody in their right mind runs stuff like this, in production, 
> exposed to the outside world.
> Cassandra was built for performance and adding this authentication 
> stuff will do nothing but be an unneeded performance hit for a use 
> case that the project shouldn't be fulfilling.
> --Joe

View raw message