There's still the question of inter-node communication though. One of the attractive things to us is the ability to power on another virtual appliance and have it auto-discover the other Cassandra nodes. Is this just something outside the scope of the current design?
---Mark On Fri, Aug 21, 2009 at 10:30 PM, Jonathan Ellis<[email protected]> wrote: > if your product is jvm based, just use the internal api and don't > stzrt the thrift listeners at all. > > On 8/21/09, Mark McBride <[email protected]> wrote: >> I'm looking at the potential of embedding Cassandra in one of our >> products. This ships as one or more virtual appliances that runs at a >> customer's site, and security is always an issue. This looks like >> mostly a Thrift issue... but I was wondering if anybody on this list >> had any thoughts about how you would go about securing Cassandra. The >> best idea I have so far is to try to get THttpClient working (doc >> there is very sparse), have Cassandra listen only listen on 127.0.0.1 >> and have Apache + mod_proxy handle security. If anybody thinks this >> is a dumb way to do it I'm more than willing to listen to alternatives >> >> ---Mark >> >
