cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sasha Dolgy <sdo...@gmail.com>
Subject Re: SSL & Streaming
Date Tue, 14 Jun 2011 05:29:29 GMT
AJ was responding to an email I sent in March....although i do appreciate
the quick reaponse from the community ;) i moved on to our implementation of
vpn...
On Jun 14, 2011 1:35 AM, "aaron morton" <aaron@thelastpickle.com> wrote:
> Sasha does
https://github.com/apache/cassandra/blob/cassandra-0.8.0/conf/cassandra.yaml#L362help
?
>
> A
>
>
> -----------------
> Aaron Morton
> Freelance Cassandra Developer
> @aaronmorton
> http://www.thelastpickle.com
>
> On 13 Jun 2011, at 23:26, AJ wrote:
>
>> Performance-wise, I think it would be better to just let the client
encrypt sensitive data before storing it, versus encrypting all traffic all
the time. If individual values are encrypted, then they don't have to be
encrypted/decrypted during transit between nodes during the initial updates
as well as during the commissioning of a new node or other times.
>>
>> A drawback, however, is now you have to manage one or more keys for the
lifetime of the data. It will also complicate your data view interfaces.
However, if Cassandra had data encryption built-in somehow, that would solve
this problem... just thinking out loud.
>>
>> Can anyone think of other pro/cons of both strategies?
>>
>> On 3/22/2011 2:21 AM, Sasha Dolgy wrote:
>>> Hi,
>>>
>>> Is there documentation available anywhere that describes how one can
>>> use org.apache.cassandra.security.streaming.* ? After the EC2 posts
>>> yesterday, one question I was asked was about the security of data
>>> being shifted between nodes. Is it done in clear text, or
>>> encrypted..? I haven't seen anything to suggest that it's encrypted,
>>> but see in the source that security.streaming does leverage SSL ...
>>>
>>> Thanks in advance for some pointers to documentation.
>>>
>>> Also, for anyone who is using SSL .. how much of a performance impact
>>> have you noticed? Is it minimal or significant?
>>>
>>
>

Mime
View raw message