cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Hanna <>
Subject Re: Client traffic encryption best practices....
Date Fri, 12 Aug 2011 18:56:04 GMT
Vijay made a good point off list, thrift-106 is about Java support, but other languages have
been implemented or at least have tickets to follow for them:

Python support (thrift 0.7):

C++ support (thrift 0.7):

C# (patch attached but no progress in a while):

PHP (patch attached but no progress in a while):

On Aug 12, 2011, at 9:39 AM, Jeremy Hanna wrote:

> Yes - that ticket was done by Nirmal Ranganathan for the intention of getting support
in Cassandra.  That's just for a java client though.
> In the future, I wonder if the CQL driver level is the right place for client encryption.
> On Aug 11, 2011, at 11:26 PM, Vijay wrote:
>> seems to be the right way to go....
but the cassandra server needs to support too which we might want to add....
>> Regards,
>> </VJ>
>> On Thu, Aug 11, 2011 at 2:54 PM, Chris Marino <> wrote:
>> Hello, is there any consensus on how to secure client/cluster communications???
>> I'm running an 8 node cluster across EC2 regions.  I'm running inter-node encryption
and I want to encrypt the traffic from the clients as well.
>> My options seem to be:
>> Have the client connect to only one node and encrypt that one connection with OpenVPN/stunnel
(or something similar). Or, set up an encrypted tunnel from the client to each node. Is there
a client library that could take care of this for me??
>> Setting up tunnels to each node is a major pain, but pointing the client to only
one node is going to kill my performance.  I'm running 4 nodes in each EC2 region with one
client in each. Maybe I could connect the client only to the local nodes, which should simplify
things a bit, but I was wondering if anyone had any experience with this or could suggest
something that might be better.
>> Please let me know.
>> Thanks.
>> CM

View raw message