incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sasha Dolgy <sdo...@gmail.com>
Subject Re: SSL & Streaming (#1567)
Date Tue, 22 Mar 2011 15:05:31 GMT
I see now that this is too new:
https://issues.apache.org/jira/browse/CASSANDRA-1567 and that it's
scheduled for the 0.8 release.

Is it right to assume the following from the accepted patch:

1.  keystore and truststore passwords are kept in clear text in the
cassandra.yaml ?
2.  It's all or nothing when it comes to inter-node communication over
SSL?  Meaning, nodes that are part of the ring that aren't configured
will start to fail if the configuration isn't changed?
3.  I only want to encrypt data from region 1 < -- > region 2 where a
vpn is not possible... data communication in the same rack for
example, is on a private network and shouldn't be encrypted (except
when it's ec2 ... i think it should be encrypted).  This is not
possible at the moment ... is there a plan for the future?

I do appreciate any feedback and don't mean this to come across in a
negative way.  Just trying to understand how far off it is from being
compliant in a security sense...

-sd


On Tue, Mar 22, 2011 at 9:21 AM, Sasha Dolgy <sdolgy@gmail.com> wrote:
> Hi,
>
> Is there documentation available anywhere that describes how one can
> use org.apache.cassandra.security.streaming.* ?   After the EC2 posts
> yesterday, one question I was asked was about the security of data
> being shifted between nodes.  Is it done in clear text, or
> encrypted..?  I haven't seen anything to suggest that it's encrypted,
> but see in the source that security.streaming does leverage SSL ...
>
> Thanks in advance for some pointers to documentation.
>
> Also, for anyone who is using SSL .. how much of a performance impact
> have you noticed?  Is it minimal or significant?

Mime
View raw message