incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From onlinespending <>
Subject Re: user / password authentication advice
Date Thu, 12 Dec 2013 07:40:56 GMT
OK, thanks for getting me going in the right direction. I imagine most people would store password
and tokenized authentication information in a single table, using the username (e.g. email
address) as the key?

On Dec 11, 2013, at 10:44 PM, Janne Jalkanen <> wrote:

> Hi!
> You're right, this isn't really Cassandra-specific. Most languages/web frameworks have
their own way of doing user authentication, and then you just typically write a plugin that
just stores whatever data the system needs in Cassandra.
> For example, if you're using Java (or Scala or Groovy or anything else JVM-based), Apache
Shiro is a good way of doing user authentication and authorization.
Just implement a custom Realm for Cassandra and you should be set.
> /Janne
> On Dec 12, 2013, at 05:31 , onlinespending <> wrote:
>> Hi,
>> I’m using Cassandra in an environment where many users can login to use an application
I’m developing. I’m curious if anyone has any advice or links to documentation / blogs
where it discusses common implementations or best practices for user and password authentication.
My cursory search online didn’t bring much up on the subject. I suppose the information
needn’t even be specific to Cassandra.
>> I imagine a few basic steps will be as follows:
>> user types in username (e.g. email address) and password
>> this is verified against a table storing username and passwords (encrypted in some
>> a token is return to the app / web browser to allow further transactions using secure
token (e.g. cookie)
>> Obviously I’m only scratching the surface and it’s the detail and best practices
of implementing this user / password authentication that I’m curious about.
>> Thank you,
>> Ben

View raw message