Return-Path: Delivered-To: apmail-incubator-cassandra-user-archive@minotaur.apache.org Received: (qmail 64198 invoked from network); 11 Nov 2009 21:44:40 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 11 Nov 2009 21:44:40 -0000 Received: (qmail 27010 invoked by uid 500); 11 Nov 2009 21:44:40 -0000 Delivered-To: apmail-incubator-cassandra-user-archive@incubator.apache.org Received: (qmail 26989 invoked by uid 500); 11 Nov 2009 21:44:40 -0000 Mailing-List: contact cassandra-user-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cassandra-user@incubator.apache.org Delivered-To: mailing list cassandra-user@incubator.apache.org Received: (qmail 26980 invoked by uid 99); 11 Nov 2009 21:44:40 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Nov 2009 21:44:40 +0000 X-ASF-Spam-Status: No, hits=-2.1 required=5.0 tests=AWL,BAYES_00,FS_REPLICA,HTML_MESSAGE X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of driftx@gmail.com designates 74.125.92.145 as permitted sender) Received: from [74.125.92.145] (HELO qw-out-1920.google.com) (74.125.92.145) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Nov 2009 21:44:38 +0000 Received: by qw-out-1920.google.com with SMTP id 5so298337qwc.54 for ; Wed, 11 Nov 2009 13:44:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=VmxwATYMbq46MRCNx24Vq3fITjl6g7R911279rzfv2U=; b=EJG5ViQ99L2ekpo+Zt4ODzVY0a5jGUSizJu/jEX0jTckhMXcU+wMyrokuOJbidRRF8 LyZJVfcSJYuudM0AI4rHNh2KMPdzjfSbuRW1VeTBm9pMpWhMJiZ4lmt5tKf8HcKBR6ST uzH7u7eGpPWjb/JAmR2WYRv2GmT4zGiidaUcs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=eC/bCbuwsuNj3qtN81eZYAteQdBjBddHlGH70F1xwUyDBwOWJ+lJ/wH2xSnDr23IHh ZxevqL1R/ZC1YmUmWfklHDwidIEgdiMEFsw9SLtlkTSaBS0pCggrc+yXiWqfs7441ZxT hPj7brfd+CbRGiNEbfiwbwOucrXHpWP5xk+eE= MIME-Version: 1.0 Received: by 10.229.2.19 with SMTP id 19mr290832qch.94.1257975856927; Wed, 11 Nov 2009 13:44:16 -0800 (PST) In-Reply-To: <764B352CF55C514F816B4B14BD2450D803DBB97B@bcs-mail04.internal.cacheflow.com> References: <87eio6p7pb.fsf@lifelogs.com> <87ljienhjx.fsf@lifelogs.com> <87hbt1nnur.fsf@lifelogs.com> <764B352CF55C514F816B4B14BD2450D803DBB97B@bcs-mail04.internal.cacheflow.com> Date: Wed, 11 Nov 2009 15:44:16 -0600 Message-ID: Subject: Re: Re: bandwidth limiting Cassandra's replication and access control From: Brandon Williams To: cassandra-user@incubator.apache.org Content-Type: multipart/alternative; boundary=00148539257a1696b904781f5441 --00148539257a1696b904781f5441 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On Wed, Nov 11, 2009 at 9:40 AM, Coe, Robin wrote: > IMO, auth services should be left to the application layer that interface= s > to Cassandra and not built into Cassandra. In the tutorial snippet inclu= ded > below, the access being granted is at the codebase level, not the > transaction level. Since users of Cassandra will generally be fronted by= a > service layer, the java security manager isn=92t going to suffice. What = this > snippet could do, though, and may be the rationale for the request, is to > ensure that unauthorized users cannot instantiate a new Cassandra server. > However, if a user has physical access to the machine on which Cassandra= is > installed, they could easily bypass that layer of security. > What if Cassandra IS the application you're exposing? Imagine a large company that creates one large internal Cassandra deployment, and has multiple departments it wants to create separate keyspaces for. You can d= o that now, but there's nothing except a gentlemen's agreement to prevent one department from trashing another department's keyspace, and accidents do happen. You can front the service with some kind of application layer, but then you have another API to maintain, and you'll lose some performance thi= s way. -Brandon --00148539257a1696b904781f5441 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: quoted-printable
On Wed, Nov 11, 2009 at 9:40 AM, Coe, Robin <robin.coe@bluec= oat.com> wrote:
IMO, auth services should be left to the application layer that interfaces = to Cassandra and not built into Cassandra. =A0In the tutorial snippet inclu= ded below, the access being granted is at the codebase level, not the trans= action level. =A0Since users of Cassandra will generally be fronted by a se= rvice layer, the java security manager isn=92t going to suffice. =A0What th= is snippet could do, though, and may be the rationale for the request, is t= o ensure that unauthorized users cannot instantiate a new Cassandra server.= =A0However, if a user has physical access to the machine on which Cassandr= a is installed, they could easily bypass that layer of security.

What if Cassandra IS the application you&#= 39;re exposing? =A0Imagine a large company that creates one large internal = Cassandra deployment, and has multiple departments it wants =A0to create se= parate keyspaces for. =A0You can do that now, but there's nothing excep= t a gentlemen's agreement to prevent one department from trashing anoth= er department's keyspace, and accidents do happen. You can front the se= rvice with some kind of application layer, but then you have another API to= maintain, and you'll lose some performance this way.

-Brandon
--00148539257a1696b904781f5441--