incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian O'Neill" <b...@alumni.brown.edu>
Subject Re: security
Date Wed, 09 Nov 2011 14:31:55 GMT
Not sure this is the "standard approach", probably more "what we came up
with". ;)

We plan to deploy Cassandra behind a firewall denying all traffic on all
ports other than 8080.  Access from applications will be limited to the
REST/HTTP layer, which we'll lock down with standard HTTP authentication
mechanisms. (using built-in apache or the servlet container)

Long term, we'll probably also introduce authorization/access control by
URL as well, whereby only certain users/apps will have access to certain
keyspaces and/or column families. (again... most likely using built-in
apache mechanisms, or the servlet container)

-brian


On Tue, Nov 8, 2011 at 6:30 PM, Guy Incognito <dnd1066@gmail.com> wrote:

> hi,
>
> is there a standard approach to securing cassandra eg within a corporate
> network?  at the moment in our dev environment, anybody with network
> connectivity to the cluster can connect to it and mess with it.  this would
> not be acceptable in prod.  do people generally write custom authenticators
> etc, or just put the cluster behind a firewall with the appropriate rules
> to limit access?
>



-- 
Brian ONeill
Lead Architect, Health Market Science (http://healthmarketscience.com)
mobile:215.588.6024
blog: http://weblogs.java.net/blog/boneill42/
blog: http://brianoneill.blogspot.com/

Mime
View raw message