incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sasha Dolgy <sdo...@gmail.com>
Subject Re: encryption_options & 0.8
Date Wed, 27 Apr 2011 09:15:04 GMT
Although it's crude, websphere for example provides a simple, internal
hashing algorithm to encrypt the clear text passwords.  it's quite
easy to decrypt the passwords ... however, it's an extra step that
takes a bit more time ... as opposed to saying, "hi, here are my
cleartext passwords.  have fun"

even something crude like base64 encode/decode on the cleartext string
would be better than clear text. when cassandra is loading the
cassandra.yaml and it gets to encryption_options, it can perform a
base64 decode against the encoded string.

-sasha

On Wed, Apr 27, 2011 at 5:09 AM, David Strauss <david@davidstrauss.net> wrote:
> On Tue, 2011-04-26 at 08:57 +0200, Sasha Dolgy wrote:
>> Is it possible to store an encrypted keystore_password and
>> truststore_password in the cassandra.yaml?  I see that the defaults
>> allow cleartext which isn't suitable when negotiating with security
>> specialists for sign-off of a solution...
>
> If the passwords are encrypted, when and how would they be decrypted?

Mime
View raw message