incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From AJ ...@dude.podzone.net>
Subject Re: SSL & Streaming
Date Mon, 13 Jun 2011 11:26:27 GMT
Performance-wise, I think it would be better to just let the client 
encrypt sensitive data before storing it, versus encrypting all traffic 
all the time.  If individual values are encrypted, then they don't have 
to be encrypted/decrypted during transit between nodes during the 
initial updates as well as during the commissioning of a new node or 
other times.

A drawback, however, is now you have to manage one or more keys for the 
lifetime of the data.  It will also complicate your data view 
interfaces.  However, if Cassandra had data encryption built-in somehow, 
that would solve this problem... just thinking out loud.

Can anyone think of other pro/cons of both strategies?

On 3/22/2011 2:21 AM, Sasha Dolgy wrote:
> Hi,
>
> Is there documentation available anywhere that describes how one can
> use org.apache.cassandra.security.streaming.* ?   After the EC2 posts
> yesterday, one question I was asked was about the security of data
> being shifted between nodes.  Is it done in clear text, or
> encrypted..?  I haven't seen anything to suggest that it's encrypted,
> but see in the source that security.streaming does leverage SSL ...
>
> Thanks in advance for some pointers to documentation.
>
> Also, for anyone who is using SSL .. how much of a performance impact
> have you noticed?  Is it minimal or significant?
>


Mime
View raw message