Message-ID: <4DF5F3E3.1090609@dude.podzone.net>
Date: Mon, 13 Jun 2011 05:26:27 -0600
From: AJ
To: user@cassandra.apache.org
Subject: Re: SSL & Streaming

Performance-wise, I think it would be better to just let the client encrypt sensitive data before storing it, versus encrypting all traffic all the time. If individual values are encrypted, then they don't have to be encrypted/decrypted during transit between nodes during the initial updates as well as during the commissioning of a new node or other times.

A drawback, however, is now you have to manage one or more keys for the lifetime of the data. It will also complicate your data view interfaces.

However, if Cassandra had data encryption built-in somehow, that would solve this problem... just thinking out loud.

Can anyone think of other pro/cons of both strategies?

On 3/22/2011 2:21 AM, Sasha Dolgy wrote:
> Hi,
>
> Is there documentation available anywhere that describes how one can
> use org.apache.cassandra.security.streaming.* ? After the EC2 posts
> yesterday, one question I was asked was about the security of data
> being shifted between nodes. Is it done in clear text, or
> encrypted..? I haven't seen anything to suggest that it's encrypted,
> but see in the source that security.streaming does leverage SSL ...
>
> Thanks in advance for some pointers to documentation.
>
> Also, for anyone who is using SSL .. how much of a performance impact
> have you noticed? Is it minimal or significant?
>
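
The client-side option discussed in this message, as an added example that is not part of the original e-mail or of Cassandra's code: each value is encrypted with AES-GCM before it is written, and a key id is stored with the ciphertext so that older values stay readable after a key rotation. The class name, the envelope layout, the use of the column name as associated data and the sample value are assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class ValueEncryptor {
    private static final int NONCE_LEN = 12, TAG_BITS = 128;
    // Every key that ever encrypted stored data must stay in this keyring.
    private final Map<Byte, SecretKey> keyring = new HashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private byte currentKeyId;
    // Register a key and use it for all new writes (rotation).
    public void addKey(byte keyId, SecretKey key) { keyring.put(keyId, key); currentKeyId = keyId; }
    // Envelope layout (assumed): [1-byte key id][12-byte nonce][ciphertext || GCM tag]
    public byte[] encrypt(byte[] plaintext, byte[] columnName) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        rng.nextBytes(nonce); // fresh random nonce for every value
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, keyring.get(currentKeyId), new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(columnName); // bind the value to its column so it cannot be moved to another one
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(1 + NONCE_LEN + ct.length).put(currentKeyId).put(nonce).put(ct).array();
    }
    public byte[] decrypt(byte[] envelope, byte[] columnName) throws Exception {
        ByteBuffer buf = ByteBuffer.wrap(envelope);
        SecretKey key = keyring.get(buf.get());
        if (key == null) throw new IllegalStateException("key no longer held: value is unrecoverable");
        byte[] nonce = new byte[NONCE_LEN];
        buf.get(nonce);
        byte[] ct = new byte[buf.remaining()];
        buf.get(ct);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(columnName);
        return c.doFinal(ct); // throws AEADBadTagException if the value or column name was altered
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        ValueEncryptor enc = new ValueEncryptor();
        enc.addKey((byte) 1, kg.generateKey());
        byte[] col = "account_note".getBytes(StandardCharsets.UTF_8); // constructed column name
        byte[] stored = enc.encrypt("constructed-secret-value".getBytes(StandardCharsets.UTF_8), col);
        enc.addKey((byte) 2, kg.generateKey()); // rotate: new writes now use key 2
        // The value written under key 1 is still readable because key 1 was kept.
        System.out.println(new String(enc.decrypt(stored, col), StandardCharsets.UTF_8));
    }
}
```

The stored bytes are opaque to the cluster, so node-to-node streaming carries ciphertext for these values; the cost is that server-side tooling sees only the envelope and that dropping an old key makes every value written under it unreadable.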