[
https://issues.apache.org/jira/browse/CASSANDRA-5401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13623226#comment-13623226
]
Brandon Williams commented on CASSANDRA-5401:
---------------------------------------------
bq. For the record, I still think this is really iptables' job.
I agree that's one way to solve it, but if you don't have root on the machine
because there is a separation of powers this is another way. Anyway, lgtm, +1
> Pluggable security feature to prevent node from joining a cluster and running
> destructive commands
> --------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-5401
> URL: https://issues.apache.org/jira/browse/CASSANDRA-5401
> Project: Cassandra
> Issue Type: Improvement
> Components: Config, Core
> Affects Versions: 1.1.10
> Environment: Production
> Reporter: Ahmed Bashir
> Assignee: Aleksey Yeschenko
> Priority: Trivial
> Labels: configuration, security
> Fix For: 1.2.4
>
> Attachments: 5401.txt
>
>
> It's possible for a node to join an existing cluster (with perhaps more
> stringent security restrictions i.e. not using AllowAllAuthentication) and
> issue destructive commands that affect the cluster at large (e.g. drop
> keyspace via cassandra-cli, etc).
> This can be circumvented with a pluggable security module that could be used
> to implement basic node vetting/identification/etc.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
