On Wed, 2 Dec 2009 15:32:35 -0600 Jonathan Ellis wrote:
JE> 2009/12/2 Ted Zlatanov :
>> I'd still rather pass something back. As I said, it allows backends to
>> maintain state when it makes sense to do so and can alleviate the
>> problem of redundant auth queries in the future.
JE> That makes
Got it.
On Dec 2, 2009, at 4:42 PM, Jonathan Ellis wrote:
It doesn't have to be the outside world, just apps from different
groups. Which is the whole (or at least, a major) reason we added
multiple keyspaces.
On Wed, Dec 2, 2009 at 3:38 PM, Jake Luciani wrote:
If there is a use case to ope
I like this bug/feature it gives another dimension to play with.
Especially when keyspaces can be defined on the fly. Not a huge
restriction though.
Sent from my iPhone
On Dec 2, 2009, at 4:22 PM, Jonathan Ellis wrote:
What backwards compatibility are you concerned with breaking?
Having
Public IPs and ports make it so.
-Original Message-
From: Jake Luciani [mailto:jak...@gmail.com]
Sent: December 2, 2009 4:39 PM
To: cassandra-user@incubator.apache.org
Subject: Re: Cassandra access control
If there is a use case to open a Cassandra cluster to the world then I
agree.
S
It doesn't have to be the outside world, just apps from different
groups. Which is the whole (or at least, a major) reason we added
multiple keyspaces.
On Wed, Dec 2, 2009 at 3:38 PM, Jake Luciani wrote:
> If there is a use case to open a Cassandra cluster to the world then I
> agree.
>
> Sent f
If there is a use case to open a Cassandra cluster to the world then I
agree.
Sent from my iPhone
On Dec 2, 2009, at 4:24 PM, "Coe, Robin" wrote:
NoSQL doesn't mean no security. A production database engine has to
protect its data. The trick is to make the auth framework fast enough
that
On Wed, 2009-12-02 at 15:27 -0600, Ted Zlatanov wrote:
> EE> Let's not do that; as Robin pointed out...
>
> EE> "...there's no way to ensure immediate consistency of tokens
> across all
> EE> nodes, it's probably not worth the effort of making Cassandra
> "token
> EE> aware", since an application
On Wed, 2 Dec 2009 15:23:23 -0600 Jonathan Ellis wrote:
JE> It's really premature to be holding a "vote" based on
JE> first-impression opinions.
Somehow we have to make a decision on whether the API will be stateful
or stateless. This affects more than just the auth code so I thought a
vote wa
2009/12/2 Ted Zlatanov :
> I'd still rather pass something back. As I said, it allows backends to
> maintain state when it makes sense to do so and can alleviate the
> problem of redundant auth queries in the future.
That makes no sense whatsoever. Backends can maintain state or not
either way;
On Wed, 02 Dec 2009 14:35:09 -0600 Eric Evans wrote:
EE> On Wed, 2009-12-02 at 14:27 -0600, Ted Zlatanov wrote:
>> On Wed, 02 Dec 2009 14:14:53 -0600 Eric Evans wrote:
>>
EE> Did you maybe mean...? AuthenticationRequest required for the
EE> method (has to be), but the map is optional?
>>
>>
NoSQL doesn't mean no security. A production database engine has to
protect its data. The trick is to make the auth framework fast enough
that it doesn't adversely affect performance and robust enough that an
application requesting data doesn't have to jump through hoops to get
it.
-Original
It's really premature to be holding a "vote" based on first-impression opinions.
2009/12/2 Ted Zlatanov :
> On Wed, 2 Dec 2009 20:54:13 + Mark Robson wrote:
>
> MR> How about we make authentication optional, and have the protocol being
> MR> stateful only if you want to authenticate?
>
> MR>
What backwards compatibility are you concerned with breaking?
Having keyspace be a per-command arg is a bug, not a feature.
On Wed, Dec 2, 2009 at 2:54 PM, Mark Robson wrote:
> How about we make authentication optional, and have the protocol being
> stateful only if you want to authenticate?
>
>
On Wed, 2 Dec 2009 20:54:13 + Mark Robson wrote:
MR> How about we make authentication optional, and have the protocol being
MR> stateful only if you want to authenticate?
MR> That way we don't break backwards compatibility or introduce extra
MR> complexity for people who don't need it.
Tha
I'm only reporting what trunk is like right now, not what it will be
in the future. Trunk has been buggy before and will be again, don't
worry. :)
On Wed, Dec 2, 2009 at 2:57 PM, Ian Holsman wrote:
> hmm.
> doesn't that leave the trunk in a bad position in terms of new development?
> you may go
+1 this is nosql afterall.
Sent from my iPhone
On Dec 2, 2009, at 3:54 PM, Mark Robson wrote:
How about we make authentication optional, and have the protocol
being stateful only if you want to authenticate?
That way we don't break backwards compatibility or introduce extra
complexity fo
hmm.
doesn't that leave the trunk in a bad position in terms of new development?
you may go through times when a major feature lands and trunk is broken/buggy.
or are you planning on building new features on a branch and then merging into
trunk when it's stable?
On Dec 3, 2009, at 5:32 AM, Jonath
How about we make authentication optional, and have the protocol being
stateful only if you want to authenticate?
That way we don't break backwards compatibility or introduce extra
complexity for people who don't need it.
Mark
On Wed, 2009-12-02 at 14:27 -0600, Ted Zlatanov wrote:
> On Wed, 02 Dec 2009 14:14:53 -0600 Eric Evans wrote:
>
> EE> Did you maybe mean...? AuthenticationRequest required for the
> EE> method (has to be), but the map is optional?
>
> Either way will work. With your suggestion and allowing fo
On Wed, 02 Dec 2009 14:14:53 -0600 Eric Evans wrote:
EE> Did you maybe mean...? AuthenticationRequest required for the
EE> method (has to be), but the map is optional?
Either way will work. With your suggestion and allowing for auth
backends to modify the authentication request:
struct Authe
On Wed, 02 Dec 2009 19:13:58 + Bill de hOra wrote:
Bdh> Strong agreement. The login method should return an opaque token which
Bdh> is passed on each call. If that messes up the API, that says more
Bdh> about Thrift than the auth model.
Slight disagreement on the semantics: this is not a st
On Wed, 2009-12-02 at 13:28 -0600, Ted Zlatanov wrote:
>
> struct AuthenticationRequest {
> 1: required map credentials,
> }
>
> service Cassandra {
> ...
> void login(1: required string keyspace,
> 2: optional AuthenticationRequest auth_request)
>throws (1:Authentica
On Wed, Dec 2, 2009 at 1:59 PM, Coe, Robin wrote:
> Once a connection is opened with credentials, then as long as I hold that
> connection open, I shouldn't need to pass auth checks with every transaction.
Exactly. This isn't http where we are opening a new connection with
each call. (If you a
Once a connection is opened with credentials, then as long as I hold that
connection open, I shouldn't need to pass auth checks with every transaction.
On the other hand, if there was a way to use a token in lieu of credentials, to
provide SSO capabilities to any node, then I could see their use
On Wed, 2 Dec 2009 15:13:11 + Mark Robson wrote:
MR> I'd be against moving to a stateful protocol.
Noted, I'd like to see some more votes. I'm agnostic: I think it will
work fine either way. Eric and Jonathan are definitely on the stateful
side so it's 2-1 right now. I think Robin is als
Mark Robson wrote:
2009/12/2 Ted Zlatanov mailto:t...@lifelogs.com>>
OK. So what should the API be? Just one method, as Robin suggested?
void login( Map credentials, String keyspace )
throws AuthenticationException, AuthorizationException
In this model the backend would stil
We are using trunk. 0.5 beta / trunk is better than 0.4 at the 0.4
functionality and IMO is production ready (although you should always
test first), but I would not yet rely on the new stuff (bootstrap,
loadbalance, and moving nodes around in general).
-Jonathan
On Wed, Dec 2, 2009 at 12:26 PM,
Helpful thread guys. In general, Jonathan, would you recommend
building from trunk for new deployments at our current snapshot in
time? Are you using trunk at Rackspace?
Thanks.
-Adam
On Tue, Dec 1, 2009 at 6:18 PM, Jonathan Ellis wrote:
> On Tue, Dec 1, 2009 at 7:31 PM, Freeman, Tim wrote:
>
On Wed, 2009-12-02 at 08:52 -0600, Ted Zlatanov wrote:
> On Tue, 01 Dec 2009 16:58:50 -0600 Eric Evans
> wrote:
>
> EE> On Tue, 2009-12-01 at 15:38 -0600, Ted Zlatanov wrote:
> >> I disagree, why would you want to forbid switching the keyspace?
> That's
> >> turning off a currently working featu
2009/12/2 Ted Zlatanov
> OK. So what should the API be? Just one method, as Robin suggested?
>
> void login( Map credentials, String keyspace )
> throws AuthenticationException, AuthorizationException
>
> In this model the backend would still have login() and
> setKeyspace()/getKeyspace() sepa
On Tue, 01 Dec 2009 16:58:50 -0600 Eric Evans wrote:
EE> On Tue, 2009-12-01 at 15:38 -0600, Ted Zlatanov wrote:
>> I disagree, why would you want to forbid switching the keyspace? That's
>> turning off a currently working feature. Also, connections are not
>> free, especially across WAN links.
Hi
I've started to test the scalabilty of cassandra so my test is to start on 1
machine cassandra as a single node.
I've inserted few thousand columns. I've made queries all is ok.
Now I take a second machine I reconfigure the first node and the second node
to work as cluster. I've not touched th
32 matches
Mail list logo