cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Malone <m...@simplegeo.com>
Subject Re: Authentication
Date Wed, 14 Jul 2010 05:25:16 GMT
Yep, as Ben said, we're not asking for anyone to write this for us.

We've been playing with some ideas around encryption between EC2
data-centers/regions (intra-region is already secure enough for us -- it's
all switches / dedicate lines) and the easiest solution seems to be to wrap
the inter-Cassandra-node RPC protocol with SSL and simply deploy SSL certs
along with the clients via some out-of-band mechanism (in our case, probably
Puppet).

Honestly, I think this should be a pretty trivial patch. It's just a matter
of (optionally) wrapping the sockets for RPC connections with SSL. I'm
guessing there are facilities that make this pretty easy in Java that we can
leverage. We're mostly interested in getting feedback and buy-in from the
rest of the community before writing the code. If anyone has any better
ideas in terms of pay-off / lines of code we're _definitely_ all ears. But
for our use cases this seems like a big win.

Mike

On Tue, Jul 13, 2010 at 10:14 PM, Ben Standefer <ben@simplegeo.com> wrote:

> Yes, possibly.  We haven't written it yet, and I was putting some feelers
> out there to see if there's any interest or buy-in from committers if we did
> contribute it.
>
> -Ben
>
>
> On Tue, Jul 13, 2010 at 3:23 PM, Jonathan Ellis <jbellis@gmail.com> wrote:
>
>> Are you interested in contributing this?
>>
>> On Tue, Jul 13, 2010 at 4:22 PM, Ben Standefer <ben@simplegeo.com> wrote:
>> > Many apps would find it realistic or feasible to failover database
>> > connections across the country (going from <1ms latency to ~90ms
>> latency).
>> >  The scheme of failing over client database connections across the
>> country
>> > is probably the minority case.  SSL between Cassandra nodes, even
>> without
>> > encryption in the clients connecting to a Cassandra node, would still be
>> > very useful if you want to mirror infrastructure in different parts of
>> the
>> > world to provide users with localized low-latency access.
>>
>
>

Mime
View raw message