cassandra-user mailing list archives

From John Sanda <john.sa...@gmail.com>
Subject Re: user / password authentication advice
Date Thu, 12 Dec 2013 12:19:55 GMT
You could use CassandraAuthorizer and PasswordAuthenticator, which ship
with Cassandra. See this article[1] for a good overview.

[1] http://www.datastax.com/dev/blog/a-quick-tour-of-internal-authentication-and-authorization-security-in-datastax-enterprise-and-apache-cassandra

On Thursday, December 12, 2013, onlinespending wrote:

> OK, thanks for getting me going in the right direction. I imagine most
> people would store password and tokenized authentication information in a
> single table, using the username (e.g. email address) as the key?
>
>
> On Dec 11, 2013, at 10:44 PM, Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
> wrote:
>
>
> Hi!
>
> You're right, this isn't really Cassandra-specific. Most languages/web
> frameworks have their own way of doing user authentication, and then you
> just typically write a plugin that just stores whatever data the system
> needs in Cassandra.
>
> For example, if you're using Java (or Scala or Groovy or anything else
> JVM-based), Apache Shiro is a good way of doing user authentication and
> authorization. http://shiro.apache.org/. Just implement a custom Realm
> for Cassandra and you should be set.
>
> /Janne
>
> On Dec 12, 2013, at 05:31 , onlinespending <onlinespending@gmail.com>
> wrote:
>
> Hi,
>
> I’m using Cassandra in an environment where many users can log in to use an
> application I’m developing. I’m curious if anyone has any advice or links
> to documentation / blogs where it discusses common implementations or best
> practices for user and password authentication. My cursory search online
> didn’t bring much up on the subject. I suppose the information needn’t even
> be specific to Cassandra.
>
> I imagine a few basic steps will be as follows:
>
>
>    - user types in username (e.g. email address) and password
>    - this is verified against a table storing username and passwords
>    (encrypted in some way)
>    - a token is returned to the app / web browser to allow further
>    transactions using secure token (e.g. cookie)
>
>
> Obviously I’m only scratching the surface and it’s the detail and best
> practices of implementing this user / password authentication that I’m
> curious about.
>
> Thank you,
> Ben
>
>
>
>
>

-- 

- John
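
The three steps listed in the original question, as an added Python example that is not from any poster in this thread. Two dicts stand in for Cassandra tables; the table layout, the salted PBKDF2-HMAC-SHA256 hash (used here in place of encryption), the iteration count and the one-hour token lifetime are all assumptions.

```python
import hashlib
import hmac
import os
import secrets
import time

# Stand-ins for two Cassandra tables (assumed layout, not from the thread):
#   users(username PRIMARY KEY, salt, pw_hash)
#   sessions(token_hash PRIMARY KEY, username, expires_at)
USERS = {}
SESSIONS = {}
ITERATIONS = 600_000  # assumed PBKDF2 work factor
TOKEN_TTL = 3600      # assumed session lifetime in seconds
# Hashed when the username is unknown, so both failure paths cost the same.
DUMMY_SALT = os.urandom(16)

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register(username, password):
    salt = os.urandom(16)  # unique per user, stored next to the hash
    USERS[username.lower()] = {"salt": salt, "pw_hash": _kdf(password, salt)}

def login(username, password, now=None):
    """Return a fresh session token, or None if the credentials are wrong."""
    now = time.time() if now is None else now
    row = USERS.get(username.lower())
    candidate = _kdf(password, row["salt"] if row else DUMMY_SALT)
    # Constant-time comparison; same result for unknown user and bad password.
    if row is None or not hmac.compare_digest(candidate, row["pw_hash"]):
        return None
    token = secrets.token_urlsafe(32)  # handed to the client, e.g. in a cookie
    # Only a hash of the token is stored, so a leaked table cannot be replayed.
    token_hash = hashlib.sha256(token.encode()).hexdigest()
    SESSIONS[token_hash] = {"username": username.lower(),
                            "expires_at": now + TOKEN_TTL}
    return token

def authenticate(token, now=None):
    """Map a presented token to a username, or None if unknown or expired."""
    now = time.time() if now is None else now
    token_hash = hashlib.sha256(token.encode()).hexdigest()
    row = SESSIONS.get(token_hash)
    if row is None or now >= row["expires_at"]:
        SESSIONS.pop(token_hash, None)  # drop expired rows on sight
        return None
    return row["username"]
```

In a real Cassandra table the expiry could instead be enforced with a TTL on the session row.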
