C. Scott Andreas updated CASSANDRA-14465:
    Component/s: Core

> Consider logging prepared statements bound values in Audit Log
> --------------------------------------------------------------
>                 Key: CASSANDRA-14465
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14465
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Vinay Chella
>            Priority: Minor
> The goal of this ticket is to determine the best way to implement audit 
> logging of actual bound values from prepared statement execution. The current 
> default implementation does not log bound values.
> Here are the options I see:
>  1. Log bound values of prepared statements 
>  2. Let a custom implementation of IAuditLogger decide what to do
> *Context*:
>  Option #1: Works for teams that expect bind values to be logged in the audit 
> log without any security or compliance concerns
>  Option #2: Allows teams to make the best choice for themselves
> Note that the efforts of securing C* clusters by certs, authentication, and 
> audit logging can be in vain when log rotation and log aggregation systems 
> are not equally secure, since logging bind values allows someone to 
> replay the database events and expose sensitive data.
> [~spo...@gmail.com] [~jasobrown]
