Re: Encryption in cassandra

2016-01-14 Thread Jack Krupansky
Cassandra supports both client to node and inter-node security. IOW, Cassandra can also be a client to another Cassandra node. To repeat (and you seem to keep ignoring this) - the presumption is that the user, outside of Cassandra, is responsible for securing the system, including the file system,

Re: Encryption in cassandra

2016-01-14 Thread oleg yusim
Jack, thank you for the link, but I'm not sure what you are referring to by Cassandra API security. If you mean TLS connection, Cassandra establishing to client and between nodes, then keystore and truststore do not seem to participate in it at all because Cassandra is using certs and keys, extract

Re: Encryption in cassandra

2016-01-14 Thread Jack Krupansky
Cassandra is definitely assuming that you, the user, are separately assuring that no intruder gets access to the box/root/login. The keystore and truststore in Cassandra have nothing to do with system security, they are solely for Cassandra API security. System security and Cassandra API securit

Re: Encryption in cassandra

2016-01-14 Thread oleg yusim
Daemeon,

Can you, please, give me a bit of beef to your idea? I'm not sure I'm fully on board here.

Thanks,
Oleg

On Thu, Jan 14, 2016 at 4:52 PM, daemeon reiydelle wrote:
> The keys don't have to be on the box. You do need a login/password for c*.
>
> sent from my mobile
> Daemeon C.M. Reiydel

Re: Encryption in cassandra

2016-01-14 Thread daemeon reiydelle
The keys don't have to be on the box. You do need a login/password for c*.

sent from my mobile
Daemeon C.M. Reiydelle
USA 415.501.0198
London +44.0.20.8144.9872

On Jan 14, 2016 5:16 PM, "oleg yusim" wrote:
> Greetings,
>
> Guys, can you please help me to understand following:
>
> I'm reading thro

Re: Encryption in cassandra

2016-01-14 Thread oleg yusim
Jack, Thanks for your answer. I guess, I'm a little confused by general architecture choice. It doesn't seem to be consistent to me. I mean, if we are building the layer of database specific security (i.e. we are saying, let's assume intruder is on the box, and he is root, what we can do?), then i

Re: Encryption in cassandra

2016-01-14 Thread Jack Krupansky
The point of encryption in Cassandra is to protect data in flight between the cluster and clients (or between nodes in the cluster.) The presumption is that normal system network access control (e.g., remote login, etc.) will preclude bad actors from directly accessing the file system on a cluster