cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Schiefelbein (Commented) (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-2274) Restrict Cassandra cluster node joins to a list of named hosts
Date Wed, 02 Nov 2011 21:21:32 GMT


Andrew Schiefelbein commented on CASSANDRA-2274:

I believe Bob Blakley once wrote that trust is for suckers.  I'm not worried about physical
attacks against a single box, you can never be 100% secure, because if there is a way there
is a will, however, the current security model allows enough of a hole for a sophisticated
individual with enough knowledge and malicious intent to quite easy fire up a node and replicate
off data without so much as a slap on the wrist.  I believe that point is taken on this thread
so I will stop hammering it home.  That said, I will award bonus points and buy you a 6 pack
of whatever tasty beverage you prefer if you could enable this cluster wide, and have these
settings dynamic in the database itself that you can tweak while it's running.  Bringing nodes
up and down to add / remove other nodes is no fun, as it is also no fun when you have to modify
users and access properties.  And though I was invited to help fix this here:
I haven't been able to win the lottery to get enough free time to do it, hence the offer of
the 6 pack.
> Restrict Cassandra cluster node joins to a list of named hosts
> --------------------------------------------------------------
>                 Key: CASSANDRA-2274
>                 URL:
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 0.7.2
>         Environment: All
>            Reporter: Andrew Schiefelbein
> Because firewalls and employees are not infallible it would be nice to restrict the ability
of any node to join a cluster to a list of named hosts in the configuration so that someone
would be unable to start a node and replicate all the data locally.  I understand that in
order to do this the person must know the seed servers and the cluster name and to extract
the data they will need a userid and password but another level of security would be to force
them to execute any brute force attack from a locked down server instead of replicating all
the data locally.  

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message