incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From onlinespending <onlinespend...@gmail.com>
Subject Re: user / password authentication advice
Date Thu, 12 Dec 2013 07:40:56 GMT
OK, thanks for getting me going in the right direction. I imagine most people would store password
and tokenized authentication information in a single table, using the username (e.g. email
address) as the key?


On Dec 11, 2013, at 10:44 PM, Janne Jalkanen <Janne.Jalkanen@ecyrd.com> wrote:

> 
> Hi!
> 
> You're right, this isn't really Cassandra-specific. Most languages/web frameworks have
their own way of doing user authentication, and then you just typically write a plugin that
just stores whatever data the system needs in Cassandra.
> 
> For example, if you're using Java (or Scala or Groovy or anything else JVM-based), Apache
Shiro is a good way of doing user authentication and authorization. http://shiro.apache.org/.
Just implement a custom Realm for Cassandra and you should be set.
> 
> /Janne
> 
> On Dec 12, 2013, at 05:31 , onlinespending <onlinespending@gmail.com> wrote:
> 
>> Hi,
>> 
>> I’m using Cassandra in an environment where many users can login to use an application
I’m developing. I’m curious if anyone has any advice or links to documentation / blogs
where it discusses common implementations or best practices for user and password authentication.
My cursory search online didn’t bring much up on the subject. I suppose the information
needn’t even be specific to Cassandra.
>> 
>> I imagine a few basic steps will be as follows:
>> 
>> user types in username (e.g. email address) and password
>> this is verified against a table storing username and passwords (encrypted in some
way)
>> a token is return to the app / web browser to allow further transactions using secure
token (e.g. cookie)
>> 
>> Obviously I’m only scratching the surface and it’s the detail and best practices
of implementing this user / password authentication that I’m curious about.
>> 
>> Thank you,
>> Ben
>> 
>> 
> 


Mime
View raw message