[ https://issues.apache.org/jira/browse/CASSANDRA-6018?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15106764#comment-15106764 ]
Jason Brown commented on CASSANDRA-6018: ---------------------------------------- Addressed latest comments [here|https://github.com/jasobrown/cassandra/commit/7022957df2ff7470dc9c48ca1331c705bfed36e9] - added new field to SegmentReader.SyncSection, named toleratesErrorsInSection, which should resolve the {{toleratesTruncation}} concern. - fixed OR-clause when catching SegmentReaderException - renamed {{SegmentReader.toleratesErrors}} to {{toleratesTruncation}} to better reflect it's derivation from the variable in {{CommitLogReplayer.recover}} > Add option to encrypt commitlog > -------------------------------- > > Key: CASSANDRA-6018 > URL: https://issues.apache.org/jira/browse/CASSANDRA-6018 > Project: Cassandra > Issue Type: New Feature > Reporter: Jason Brown > Assignee: Jason Brown > Labels: commit_log, encryption, security > Fix For: 3.x > > > We are going to start using cassandra for a billing system, and while I can > encrypt sstables at rest (via Datastax Enterprise), commit logs are more or > less plain text. Thus, an attacker would be able to easily read, for example, > credit card numbers in the clear text commit log (if the calling app does not > encrypt the data itself before sending it to cassandra). > I want to allow the option of encrypting the commit logs, most likely > controlled by a property in the yaml. -- This message was sent by Atlassian JIRA (v6.3.4#6332)