Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id F3A5A200D3D for ; Mon, 13 Nov 2017 12:16:37 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id F2154160BF3; Mon, 13 Nov 2017 11:16:37 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 1E4C6160BE4 for ; Mon, 13 Nov 2017 12:16:36 +0100 (CET) Received: (qmail 39549 invoked by uid 500); 13 Nov 2017 11:16:35 -0000 Mailing-List: contact user-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@cassandra.apache.org Delivered-To: mailing list user@cassandra.apache.org Received: (qmail 39462 invoked by uid 99); 13 Nov 2017 11:16:35 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 13 Nov 2017 11:16:35 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 71C0AC1B46 for ; Mon, 13 Nov 2017 11:16:34 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.978 X-Spam-Level: * X-Spam-Status: No, score=1.978 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id tGr7htKtHCra for ; Mon, 13 Nov 2017 11:16:32 +0000 (UTC) Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0138.outbound.protection.outlook.com [104.47.0.138]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 56E3A5FC64 for ; Mon, 13 Nov 2017 11:16:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ywPmAVc6xWPybpF4iGLzkYgwartHpY9RRNtUORmcpow=; b=ap2rCFqPiW81m77+mO15Lqdxd3g/FGe0YTeGjzWNKsdBCcV89i5WyPnuPM3ITgC5hThDjCd7sW9tiPUuC9RvyKm45y3p+aiwya5F3i2WuKnvMwnnPncl+qloCdCPBfXQX/ELLwH7SxyO8hz6FioVyC27ipKeFjlx6DallrkgV8s= Received: from DB6PR0701MB2133.eurprd07.prod.outlook.com (10.168.58.12) by HE1PR07MB1194.eurprd07.prod.outlook.com (10.163.178.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.20.239.4; Mon, 13 Nov 2017 11:16:24 +0000 Received: from DB6PR0701MB2133.eurprd07.prod.outlook.com ([fe80::89a1:ad1a:879d:e181]) by DB6PR0701MB2133.eurprd07.prod.outlook.com ([fe80::89a1:ad1a:879d:e181%17]) with mapi id 15.20.0239.004; Mon, 13 Nov 2017 11:16:23 +0000 From: "Mokkapati, Bhargav (Nokia - IN/Chennai)" To: "user@cassandra.apache.org" CC: "Birlasekaran, Dinesh (Nokia - IN/Chennai)" , "R, Jayaram (Nokia - IN/Chennai)" Subject: Securing Cassandra database Thread-Topic: Securing Cassandra database Thread-Index: AdNccLtYhEt/yNHpSb234TLsS0E3oQ== Date: Mon, 13 Nov 2017 11:16:23 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [135.245.121.13] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1;HE1PR07MB1194;6:YgMk0H8fKlQ+KOEW05RbrKv6hn/ie47MdLQeO+ysW/5C58noj6gPoyVTCnL6vlrI2mhLj3mHkH+2bJ6s3Qb0TbVNtN2/NwBXFgARjjrt/+nES8kqVmdK+uMk4LFMrjuCUf1yterTA39WHMcaijhhpL8AEk3Ci562F544D7bLm13gYPeVYQEoV2XWIhw/WNPRa+B7Dh6F5cA/orsNinB4F1+Gjd3qpo8XyZ28Jd0AQ0ZG/EkHBnlyefCYexuKR8iF6UYYp8wU345WNNNLQRtaXOwxpg6hcetF8aODfmvEglKvC0tKsaoQ9NEZWXOOG4wa3LIOkHXu0/YGLQlv0CaimjSCw9WR6I/Y2QFd7a1qKxE=;5:E1tU8736fGlspLlAT1k0ggQdEpezfycDZ5BAbBtJCQa4RprTKkinAQfayNTHZb/oBoS5BAEHCVZj0Q6MlRpkjhHmLfiZh88Nh5xjDP0Gv3onKQYmgeJ93XU9BwrYuJo/0ORqri0yUSlknU9jU0f9j+HsEi96tDOJZKu/6F7yLuQ=;24:dJDi2JzbuUdoKiEkosiXK2XXBwXEDX/+5k/gYzAzvetIafiB7t0hEVdVLG4b8id3ns270KzdK7YOAwhP/GJAIminscxCotGeQ2UxoJLKbtw=;7:mUFC+t4jrly+MjLNzeeKPbuWUkbgYutfztRLtbv5EFQP0n2oMLmxqQw4zCSMqK39E0mSaif+/XBl7OMJRjz3OHZk+ri/EIMCtHwbqqegxsgUFsgDwTbXUMho5fmwJCBrGRqtabpsPlEuNyWBugV3Ibd9RgxpK48ElCVO5zI7TcTT8P3MyiK6Hs7Skq6D5yOCO9JuTTylXZbWKTfhtVQbX9NohvjnkBwa6vFRAOCX3feUfXbG3vGTPcBA54mBzSfu x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR; x-forefront-antispam-report: SFV:SKI;SCL:-1;SFV:NSPM;SFS:(10019020)(6009001)(39860400002)(346002)(376002)(189002)(199003)(4326008)(25786009)(50986999)(8676002)(105586002)(101416001)(14454004)(99286004)(7696004)(3846002)(106356001)(81156014)(478600001)(107886003)(6916009)(33656002)(3280700002)(7736002)(1730700003)(6116002)(68736007)(790700001)(74316002)(9686003)(8936002)(102836003)(2906002)(551544002)(6306002)(81166006)(55016002)(54896002)(7116003)(2900100001)(5660300001)(189998001)(54356999)(5250100002)(9326002)(53936002)(316002)(86362001)(2351001)(66066001)(3660700001)(97736004)(3480700004)(54906003)(19609705001)(2501003)(5640700003)(6436002)(6506006);DIR:OUT;SFP:1102;SCL:1;SRVR:HE1PR07MB1194;H:DB6PR0701MB2133.eurprd07.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; x-ms-office365-filtering-correlation-id: eead9ee1-3f17-4aa7-e4ef-08d52a87f93e x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603258);SRVR:HE1PR07MB1194; x-ms-traffictypediagnostic: HE1PR07MB1194: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(192374486261705)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(3231022)(93006095)(93001095)(3002001)(10201501046)(6055026)(6041248)(20161123560025)(20161123555025)(20161123564025)(20161123562025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:HE1PR07MB1194;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:HE1PR07MB1194; x-forefront-prvs: 0490BBA1F0 received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=bhargav.mokkapati@nokia.com; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_DB6PR0701MB21335BFD2073EDE30DD864C7FF2B0DB6PR0701MB2133_" MIME-Version: 1.0 X-OriginatorOrg: nokia.com X-MS-Exchange-CrossTenant-Network-Message-Id: eead9ee1-3f17-4aa7-e4ef-08d52a87f93e X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Nov 2017 11:16:23.1674 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB1194 archived-at: Mon, 13 Nov 2017 11:16:38 -0000 --_000_DB6PR0701MB21335BFD2073EDE30DD864C7FF2B0DB6PR0701MB2133_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Team, We are using Apache Cassandra 3.0.13 version. As part of Cassandra database security, we have created database super user= authentication, but from driver side we have default cql connection syntax= as "cqlsh " not like "cqlsh -u username and -p pa= ssword". So cqlsh connection failing from application side. So we have choosen a firewall method to limit the access to Cassandra datab= ase with system IP address ranges. Suggest us If any other better method than IP address firewall to create a = security for Cassandra. Thanks, Bhargav --_000_DB6PR0701MB21335BFD2073EDE30DD864C7FF2B0DB6PR0701MB2133_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi Team,

 

We are using Apache Cassandra 3.0.13 version.

 

As part of Cassandra database security, we have crea= ted database super user authentication, but from driver side we have defaul= t cql connection syntax as “cqlsh <ip address>” not like “cqlsh &= lt;ip address> -u username and -p password”. So cqlsh conne= ction failing from application side.

 

So we have choosen a firewall method to limit the ac= cess to Cassandra database with system IP address ranges.

 

Suggest us If any other better method than IP addres= s firewall to create a security  for Cassandra.

 

Thanks,

Bhargav

--_000_DB6PR0701MB21335BFD2073EDE30DD864C7FF2B0DB6PR0701MB2133_--