incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Mischo <>
Subject Re: Cassandra access control (was: bandwidth limiting Cassandra's replication and access control)
Date Thu, 12 Nov 2009 16:27:50 GMT

On Nov 12, 2009, at 9:12 AM, Jonathan Ellis wrote:

> 2009/11/12 Ted Zlatanov <>:
>> On Wed, 11 Nov 2009 16:14:09 -0800 Anthony Molinaro <

>> > wrote:

>> The client will login with a Map<String,String> of login tokens and  
>> get
>> an auth token (probably a String containing a UUID) back.  The token
>> will be valid for the duration of the client connection and will  
>> grant
>> access to a single keyspace.  Effectively, the token replaces the old
>> Keyspace argument in all Thrift API calls.
> I'd really prefer to just keep that around in a threadlocal.  There's
> no reason for a client to continue passing a token w/ each call that
> the server already knows.

Another reason for this is it makes code a lot clearer.  If you're  
looking for a keyspace argument, it gets confusing if it suddenly  
becomes a token, because if you don't know what the current connection  
state is (for whatever reason) or if authentication was previously  
done, you might not know what the argument should really be at the  
current moment.  Yes, this can be solved programmatically, but why  
make things more complex than they need to be?

View raw message