cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dani Traphagen <>
Subject Security labels
Date Fri, 29 Jan 2016 16:57:58 GMT
Hi Oleg,

I understand your frustration but unfortunately, in the terms of your
security assessment, you have fallen into a mismatch for Cassandra's

The eventuality of having multiple sockets open without the query input for
long durations of time isn't something that was
architected...because...Cassnadra was built to take massive quantities
of queries both in volume and velocity.

Your expectation of the database isn't in line with how our why it was
designed. Generally, security solutions are architected
around Cassandra, baked into the data model, many solutions
are home-brewed, written into the application or provided by using another
security client.

DSE has different security aspects rolling out in the next release
as addressed earlier by Jack, like commit log and hint encryptions, as well
as, unified authentication...but secuirty labels aren't on anyone's radar
as a pressing "need." It's not something I've heard about as a
priority before anyway.

Hope this helps!


On Friday, January 29, 2016, oleg yusim <
<javascript:_e(%7B%7D,'cvml','');>> wrote:

> Jack,
> Thanks for your suggestion. I'm familiar with Cassandra documentation, and
> I'm aware of differences between DSE and Cassandra.
> Questions I ask here are those, I found no mention about in documentation.
> Let's take security labels for instance. Cassandra documentation is
> completely silent on this regard and so is Google. I assume, based on it,
> Cassandra doesn't support it. But I can't create federal compliance
> security document for Cassandra basing it of my assumptions and lack of
> information solely. That is where my questions stem from.
> Thanks,
> Oleg
> On Fri, Jan 29, 2016 at 10:17 AM, Jack Krupansky <
> > wrote:
>> To answer any future questions along these same lines, I suggest that you
>> start by simply searching the doc and search the github repo for the source
>> code for the relevant keywords. That will give you the definitive answers
>> quickly. If something is missing, feel free to propose that it be added (if
>> you really need it). And feel free to confirm here if a quick search
>> doesn't give you a solid answer.
>> Here's the root page for security in the Cassandra doc:
>> Also note that on questions of security, DataStax Enterprise may have
>> different answers than pure open source Cassandra.
>> -- Jack Krupansky
>> On Thu, Jan 28, 2016 at 8:37 PM, oleg yusim <> wrote:
>>> Patrick,
>>> Absolutely. Security label is mechanism of access control, utilized by
>>> MAC (mandatory access control) model, and not utilized by DAC
>>> (discretionary access control) model, we all are used to. In database
>>> content it is illustrated for instance here:
>>> Now, as per my goals, I'm making a security assessment for Cassandra DB
>>> with a goal to produce STIG on this product. That is one of the parameters
>>> in database SRG I have to assess against.
>>> Thanks,
>>> Oleg
>>> On Thu, Jan 28, 2016 at 6:32 PM, Patrick McFadin <>
>>> wrote:
>>>> Cassandra has support for authentication security, but I'm not familiar
>>>> with a security label. Can you describe what you want to do?
>>>> Patrick
>>>> On Thu, Jan 28, 2016 at 2:26 PM, oleg yusim <>
>>>> wrote:
>>>>> Greetings,
>>>>> Does Cassandra support security label concept? If so, where can I read
>>>>> on how it should be applied?
>>>>> Thanks,
>>>>> Oleg

Sent from mobile -- apologizes for brevity or errors.

View raw message