Vinay Chella created CASSANDRA-14465:
----------------------------------------
Summary: Consider logging prepared statements bound values in
Audit Log
Key: CASSANDRA-14465
URL: https://issues.apache.org/jira/browse/CASSANDRA-14465
Project: Cassandra
Issue Type: Improvement
Reporter: Vinay Chella
The Goal of this ticket is to determine the best way to implement audit logging
of actual bound values from prepared statement execution. The current default
implementation does not log bound values
Here are the options I see
1. Log bound values of prepared statements
2. Let a custom implementation of IAuditLogger decide what to do
Context:
Option #1: Works for teams which expects bind values to be logged in audit log
without any security or compliance concerns
Option #2: Allows teams make the best choice for themselves
Note that the efforts of securing C* clusters by certs, authentication, and
audit logging can go in vain when log rotation and log aggregation systems are
not equally secure enough since logging bind values allow someone to reply the
database events and exposes sensitive data.
[[email protected]] [~jasobrown]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
