cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dani Traphagen <dani.trapha...@datastax.com>
Subject Re: Security labels
Date Fri, 29 Jan 2016 17:20:51 GMT
Also -- it looks like you're really asking questions about session timeouts
and security labels as they associate, would be more helpful to keep in one
thread. :)

On Friday, January 29, 2016, Dani Traphagen <dani.traphagen@datastax.com>
wrote:

> Hi Oleg,
>
> I understand your frustration but unfortunately, in the terms of your
> security assessment, you have fallen into a mismatch for Cassandra's
> utility.
>
> The eventuality of having multiple sockets open without the query input
> for long durations of time isn't something that was
> architected...because...Cassnadra was built to take massive quantities
> of queries both in volume and velocity.
>
> Your expectation of the database isn't in line with how our why it was
> designed. Generally, security solutions are architected
> around Cassandra, baked into the data model, many solutions
> are home-brewed, written into the application or provided by using another
> security client.
>
> DSE has different security aspects rolling out in the next release
> as addressed earlier by Jack, like commit log and hint encryptions, as well
> as, unified authentication...but secuirty labels aren't on anyone's radar
> as a pressing "need." It's not something I've heard about as a
> priority before anyway.
>
> Hope this helps!
>
> Cheers,
> Dani
>
> On Friday, January 29, 2016, oleg yusim <olegyusim@gmail.com> wrote:
>
>> Jack,
>>
>> Thanks for your suggestion. I'm familiar with Cassandra documentation,
>> and I'm aware of differences between DSE and Cassandra.
>>
>> Questions I ask here are those, I found no mention about in
>> documentation. Let's take security labels for instance. Cassandra
>> documentation is completely silent on this regard and so is Google. I
>> assume, based on it, Cassandra doesn't support it. But I can't create
>> federal compliance security document for Cassandra basing it of my
>> assumptions and lack of information solely. That is where my questions stem
>> from.
>>
>> Thanks,
>>
>> Oleg
>>
>> On Fri, Jan 29, 2016 at 10:17 AM, Jack Krupansky <
>> jack.krupansky@gmail.com> wrote:
>>
>>> To answer any future questions along these same lines, I suggest that
>>> you start by simply searching the doc and search the github repo for the
>>> source code for the relevant keywords. That will give you the definitive
>>> answers quickly. If something is missing, feel free to propose that it be
>>> added (if you really need it). And feel free to confirm here if a quick
>>> search doesn't give you a solid answer.
>>>
>>> Here's the root page for security in the Cassandra doc:
>>>
>>> https://docs.datastax.com/en/cassandra/3.x/cassandra/configuration/secureTOC.html
>>>
>>> Also note that on questions of security, DataStax Enterprise may have
>>> different answers than pure open source Cassandra.
>>>
>>> -- Jack Krupansky
>>>
>>> On Thu, Jan 28, 2016 at 8:37 PM, oleg yusim <olegyusim@gmail.com> wrote:
>>>
>>>> Patrick,
>>>>
>>>> Absolutely. Security label is mechanism of access control, utilized by
>>>> MAC (mandatory access control) model, and not utilized by DAC
>>>> (discretionary access control) model, we all are used to. In database
>>>> content it is illustrated for instance here:
>>>> http://www.postgresql.org/docs/current/static/sql-security-label.html
>>>>
>>>> Now, as per my goals, I'm making a security assessment for Cassandra DB
>>>> with a goal to produce STIG on this product. That is one of the parameters
>>>> in database SRG I have to assess against.
>>>>
>>>> Thanks,
>>>>
>>>> Oleg
>>>>
>>>>
>>>> On Thu, Jan 28, 2016 at 6:32 PM, Patrick McFadin <pmcfadin@gmail.com>
>>>> wrote:
>>>>
>>>>> Cassandra has support for authentication security, but I'm not
>>>>> familiar with a security label. Can you describe what you want to do?
>>>>>
>>>>> Patrick
>>>>>
>>>>> On Thu, Jan 28, 2016 at 2:26 PM, oleg yusim <olegyusim@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Greetings,
>>>>>>
>>>>>> Does Cassandra support security label concept? If so, where can I
>>>>>> read on how it should be applied?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Oleg
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
> --
> Sent from mobile -- apologizes for brevity or errors.
>


-- 
Sent from mobile -- apologizes for brevity or errors.

Mime
View raw message