Hi guys,
Documentation (for almost everything) uses IP addresses for seeds, is it
possible to use the FQDN instead for the seeds (cass.yaml)? It is far easier
to read/use names.
Thanks
M
It can work to use host names. We have done it for temporary clusters where
there is at least a theoretical possibility of an ip address change. I don't
know all the trade-offs of using host names, since we don't do that for
production.
Sean R. Durity
INTERNAL USE
-Original
Hi Aaron,
Guardrails are not applied to superusers. The default user is a superuser,
so to see guardrails in action you need to create and use a user that is
not a superuser.
You can do that by setting, for example, these properties on cassandra.yaml:
authenticator: PasswordAuthenticator
I'm not afraid to admit that I LOVE this feature. Exactly what a data engine
should be able to do - stop bad behavior.
Sean R. Durity
From: Aaron Ploetz
Sent: Thursday, June 23, 2022 3:22 PM
To: user@cassandra.apache.org
Subject: [EXTERNAL] Re: Guardrails in Cassandra 4.1 Alpha
Ahh...yes, my
From my understanding, the main thing to be aware of is that Cassandra’s
default SeedProvider doesn't resolve multiple A records, so you’re actually
limited in terms of the load balancing/DNS configurations you can use.
You can however write alternative seed providers which have different
So I'm trying to test out the guardrails in 4.1-alpha. I've set
allow_filtering_enabled: false, but it doesn't seem to care (I can still
use it).
> SELECT release_version FROM system.local;
release_version
-
4.1-alpha1-SNAPSHOT
(1 rows)
> SELECT * FROM
Ahh...yes, my default "aaron" user is indeed a SUPERUSER.
Ok, so I created a new, non-superuser and tried again...
> SELECT * FROm stackoverflow.movies WHERE title='Sneakers (1992)' ALLOW
FILTERING;
InvalidRequest: Error from server: code=2200 [Invalid query]
message="Guardrail allow_filtering
