Re: Reaper 1.0

2017-11-16 Thread Anshu Vajpayee
Thanks John for your efforts and nicley putting it on website & youtube . Just quick question - Is it compactiable with DSE versions? I know under the hood they have cassandra only , but just wanted to listen your thoughts. On Thu, Nov 16, 2017 at 1:23 AM, Jon Haddad

Re: DC aware failover

2017-11-16 Thread Alexander Dejanovski
Hi Anil, yes, that's the one in use there. I should probably merge it into master to avoid confusion. Cheers, On Fri, Nov 17, 2017 at 6:12 AM CPC wrote: > Hi Alex, > > Is lost-token-range detection impl finished? Since this feature is more > appealing I want to test it. > >

Re: DC aware failover

2017-11-16 Thread CPC
Hi Alex, Is lost-token-range detection impl finished? Since this feature is more appealing I want to test it. Thank you for your help On Nov 16, 2017 10:35 AM, "Alexander Dejanovski" wrote: Hi, The policy is used in production at least in my former company. I can

Re: Executing a check before replication / manual replication

2017-11-16 Thread kurt greaves
That sounds like a great way to DoS yourself. While I'm sure it could be achieved, probably in a pretty messy way, I don't think it's a good idea and seems to me like way over the top security. Especially because sure, you might be able to protect against CQL "attacks" via triggers (ugh) - but if

Re: Executing a check before replication / manual replication

2017-11-16 Thread Abdelkrim Fitouri
ok please find bellow an example: Lets suppose that i have a cassandra cluster of 4 nodes / one DC / replication factor = 4, So in this architecture i have on full copy of the data on each node. Imagine now that one node have been hacked and in some way with full access to cqlsh session, if data

Re: Executing a check before replication / manual replication

2017-11-16 Thread Oliver Ruebenacker
Hello, If I understand the OP right, he wants an automated response one node displays suspicious activity. I suppose in that case, one would want the node to be removed from the cluster or shut down or both. Best, Oliver On Thu, Nov 16, 2017 at 3:40 PM, kurt greaves

Re: Executing a check before replication / manual replication

2017-11-16 Thread Jeff Jirsa
Yea there’s a whole lot of stuff here that doesn’t make sense I’m not sure what the threat model really is, but there’s a lot of moving pieces here, and the place you’re thinking about adding validation isn’t the first place I’d be concerned with (internode tends to be a bigger problem). Why

Re: Executing a check before replication / manual replication

2017-11-16 Thread kurt greaves
What's the purpose here? If they have access to cqlsh, they have access to every nodes data, not just the one they are on. An attacker modifying RF would be the least of your worries. If you manage to detect that some node is compromise you should isolate it immediately. On 16 Nov. 2017 07:33,

Re: CQL Map vs clustering keys

2017-11-16 Thread eugene miretsky
Thanks! So assuming C* 3.0 and that my table stores only one collection, using clustering keys will be more performant? Extending this to sets - would doing something like this make sense? ( id UUID PRIMARY KEY, val text, PRIMARY KEY (id, val)) ); SELECT count(*) FROM TABLE WHERE id = 123