[
https://issues.apache.org/jira/browse/CASSANDRA-9633?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15139977#comment-15139977
]
Blake Eggleston commented on CASSANDRA-9633:
--------------------------------------------
Agreed that the best approach implementation-wise is to build on top of
ICompressor, but that configuring encryption via compression settings is a
little weird. UX-wise, I think adding a table parameter would make the most
sense (i.e. {{... WITH ENCRYPTION=\{...\}}} ), and then implement it as an
Encrypting ICompressor class which wraps the regular compression class.
Something like this:
{code}
ICompressor compressor = compressionParams.makeCompressor();
compressor = encryptionParams.maybeWrapCompressor(compressor);
{code}
That seems like it would be a good balance of ease of use / ease of
implementation. wdyt?
I haven't dug too deeply into your commit because it doesn't seem to address
the encryption of index and summary files. Depending on your data model, it's
possible that a decent amount of the data users are trying to protect would be
inadvertently exposed in these files. Off the top of my head, I think you could
compress these files pretty easily as well though. This would probably have
performance implications for the read path, which would only make sense if you
were using encryption, so adding a {{compressesIndexFiles}} to ICompressor
would probably have to go along with it.
> Add ability to encrypt sstables
> -------------------------------
>
> Key: CASSANDRA-9633
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9633
> Project: Cassandra
> Issue Type: New Feature
> Reporter: Jason Brown
> Assignee: Jason Brown
> Labels: encryption, security, sstable
> Fix For: 3.x
>
>
> Add option to allow encrypting of sstables.
> I have a version of this functionality built on cassandra 2.0 that
> piggy-backs on the existing sstable compression functionality and ICompressor
> interface (similar in nature to what DataStax Enterprise does). However, if
> we're adding the feature to the main OSS product, I'm not sure if we want to
> use the pluggable compression framework or if it's worth investigating a
> different path. I think there's a lot of upside in reusing the sstable
> compression scheme, but perhaps add a new component in cqlsh for table
> encryption and a corresponding field in CFMD.
> Encryption configuration in the yaml can use the same mechanism as
> CASSANDRA-6018 (which is currently pending internal review).
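The wrapping approach proposed in the comment above, sketched as an added example that is not code from the ticket, the commit under review, or Cassandra itself. `ChunkCompressor` is a hypothetical, simplified stand-in for `ICompressor`, and the AES-GCM mode, the nonce-prefixed chunk layout and the in-memory demo key are assumptions made for illustration (Java 16+).

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.zip.*;

public class EncryptingCompressorDemo {
    interface ChunkCompressor { // hypothetical stand-in for ICompressor, not its real signature
        byte[] compress(byte[] chunk) throws Exception;
        byte[] uncompress(byte[] stored) throws Exception;
    }
    static class DeflateCompressor implements ChunkCompressor {
        public byte[] compress(byte[] chunk) throws IOException {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            try (DeflaterOutputStream z = new DeflaterOutputStream(out)) { z.write(chunk); }
            return out.toByteArray();
        }
        public byte[] uncompress(byte[] stored) throws IOException {
            try (InputStream z = new InflaterInputStream(new ByteArrayInputStream(stored))) { return z.readAllBytes(); }
        }
    }
    // Wraps any compressor: compress, then AES-GCM encrypt. Stored layout: nonce || ciphertext || tag.
    record EncryptingCompressor(ChunkCompressor inner, SecretKey key) implements ChunkCompressor {
        private static final int NONCE_LEN = 12, TAG_BITS = 128;
        public byte[] compress(byte[] chunk) throws Exception {
            byte[] nonce = new byte[NONCE_LEN];
            new SecureRandom().nextBytes(nonce); // fresh random nonce for every chunk
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
            byte[] ct = c.doFinal(inner.compress(chunk)); // ciphertext does not compress, so compress first
            return ByteBuffer.allocate(NONCE_LEN + ct.length).put(nonce).put(ct).array();
        }
        public byte[] uncompress(byte[] stored) throws Exception {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, stored, 0, NONCE_LEN));
            // doFinal verifies the tag, so a modified chunk never reaches the decompressor
            return inner.uncompress(c.doFinal(stored, NONCE_LEN, stored.length - NONCE_LEN));
        }
    }
    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("AES").generateKey(); // demo key; real keys come from a keystore
        ChunkCompressor c = new EncryptingCompressor(new DeflateCompressor(), key);
        byte[] chunk = new byte[4096]; // constructed sample chunk (all zeros)
        byte[] stored = c.compress(chunk);
        System.out.println("round trip ok: " + Arrays.equals(chunk, c.uncompress(stored)));
        stored[stored.length - 1] ^= 1; // simulate modification of the on-disk chunk
        try { c.uncompress(stored); } catch (AEADBadTagException e) { System.out.println("modified chunk rejected"); }
    }
}
```

Each stored chunk grows by 28 bytes (12-byte nonce plus 16-byte tag), which a real implementation would have to account for when sizing compressed buffers.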