Dear Cassandra Community,

I'm excited to share a proposal for a new feature that I believe would significantly enhance the platform's security and operational flexibility: *a flexible authentication mechanism implemented through a feature flag*.

Currently, enforcing authentication in Cassandra requires a disruptive, full-cluster restart, posing significant risks in live environments. My proposal, the *auth_enforcement_flag*, addresses this challenge by offering three modes:

- *Hard:* Enforces strict authentication with detailed logging.
- *Soft:* Monitors connection attempts (valid and invalid) without enforcing authentication.
- *None:* Maintains the current Cassandra behavior.

This flag enables:

- *Minimized downtime:* Seamless authentication rollout without service interruptions.
- *Enhanced security:* Detailed logs for improved threat detection and troubleshooting.
- *Gradual adoption:* Phased implementation with real-world feedback integration.

I believe this feature provides substantial benefits for both users and administrators. Please see the detailed proposal here:

Introducing flexible authentication mechanism <https://docs.google.com/document/d/1w649JAJdhVNQwQ9btXaaUopXlGjia6Sfgv281U9U7HY>

I warmly invite the community to review this proposal and share your valuable feedback. I'm eager to discuss its potential impact and collaborate on making Cassandra even better.

Thank you for your time and consideration.

Sincerely,
Gaurav Agarwal
Software Engineer at Uber