Regarding security releases, nothing currently exists to notify users when
security related patches are released. At the moment I imagine
announcements would only be made in NEWS.txt or on the user mailing list...
but only if you're lucky.
On 31 January 2018 at 19:18, Michael Shuler wrote:
> I s
I should also mention the dev@ mailing list - this is where the [VOTE]
emails are sent and you'd get an advance heads up on upcoming releases,
along with the release emails that are sent to both user@ and dev@. The
dev@ traffic is generally lower than user@, so pretty easy to spot votes
& releases
I usually install cron-apt for Ubuntu & Debian, forward and read root's
email to be notified of all system upgrades, including Cassandra.
There are likely other utilities for other operating systems, or just a
cron script that checks for system update & emails would work, too.
Also, it's possible
Just following up... Oleg, have you gotten a satisfactory level of feedback
from the community on the security assessment issues?
And if there is any sort of final assessment that can be publicly accessed,
that would be great.
-- Jack Krupansky
On Thu, Feb 11, 2016 at 3:29 PM, oleg yusim wrote:
Greetings,
Matt brought to my attention that I shared the document at "view only"
mode. My apologies for that. I corrected permissions and shared the
document personally with everybody, who indicated he/she would review it.
Thanks,
Oleg
On Fri, Feb 12, 2016 at 10:33 PM, oleg yusim wrote:
> Gr
Greetings,
Following Jack's and Matt's suggestions, I moved the doc to Google Docs and
added to it all the security gaps in Cassandra I was able to discover
(please, see second table below first).
Here is an updated link to my document:
https://docs.google.com/document/d/13-yu-1a0MMkBiJFPNkYoTd1H
Jack,
I updated my document with all the security gaps I was able to find and
posted it there:
https://docs.google.com/document/d/13-yu-1a0MMkBiJFPNkYoTd1Hzed9tgKltWi6hFLZbsk/edit?usp=sharing
Thanks,
Oleg
On Thu, Feb 11, 2016 at 4:09 PM, oleg yusim wrote:
> Jack,
>
> I asked my management, if
Jack,
I asked my management, if I can share with community my assessment
spreadsheet (whole thing, with gaps and desired configurations). Let's wait
for their answer. I would definitely update the document I shared with the
rest of gaps, so you, guys, would have it for sure.
Now, in case if my ma
Thanks for putting the items together in a list. This allows people to see
things with more context. Give people in the user community a little time
to respond. A week, maybe. Hopefully some of the senior Cassandra
committers will take a look as well.
Will the final assessment become a public docu
Thanks Dani.
Oleg
On Thu, Feb 11, 2016 at 2:27 PM, Dani Traphagen wrote:
> Hi Oleg,
>
> I'm happy to take a look. Will update after review.
>
> Thanks,
> Dani
>
> On Thu, Feb 11, 2016 at 12:23 PM, oleg yusim wrote:
>
>> Hi Dani,
>>
>> As promised, I sort of put all my questions under the "one
Hi Oleg,
I'm happy to take a look. Will update after review.
Thanks,
Dani
On Thu, Feb 11, 2016 at 12:23 PM, oleg yusim wrote:
> Hi Dani,
>
> As promised, I sort of put all my questions under the "one roof". I would
> really appreciate your opinion on them.
>
> https://drive.google.com/open?id=0
Hi Dani,
As promised, I sort of put all my questions under the "one roof". I would
really appreciate your opinion on them.
https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
Thanks,
Oleg
On Fri, Jan 29, 2016 at 3:28 PM, Dani Traphagen wrote:
> Hi Oleg,
>
> Thanks that helped clear
Thanks Dani!
Oleg
On Fri, Jan 29, 2016 at 3:28 PM, Dani Traphagen wrote:
> Hi Oleg,
>
> Thanks that helped clear things up! This sounds like a daunting task. I
> wish you all the best with it.
>
> Cheers,
> Dani
>
> On Fri, Jan 29, 2016 at 10:03 AM, oleg yusim wrote:
>
>> Dani,
>>
>> I reall
Hi Oleg,
Thanks that helped clear things up! This sounds like a daunting task. I
wish you all the best with it.
Cheers,
Dani
On Fri, Jan 29, 2016 at 10:03 AM, oleg yusim wrote:
> Dani,
>
> I really appreciate your response. Actually, session timeouts and security
> labels are two different to
Dani,
I really appreciate your response. Actually, session timeouts and security
labels are two different topics (first is about attack when somebody
opened, say, ssh window to DB, left his machine unattended and somebody
else stole his session, second - to enable DB to support what is called MAC
acce
Also -- it looks like you're really asking questions about session timeouts
and security labels as they associate, would be more helpful to keep in one
thread. :)
On Friday, January 29, 2016, Dani Traphagen
wrote:
> Hi Oleg,
>
> I understand your frustration but unfortunately, in the terms of yo
Jack,
Thanks for your suggestion. I'm familiar with Cassandra documentation, and
I'm aware of differences between DSE and Cassandra.
Questions I ask here are those, I found no mention about in documentation.
Let's take security labels for instance. Cassandra documentation is
completely silent on
To answer any future questions along these same lines, I suggest that you
start by simply searching the doc and search the github repo for the source
code for the relevant keywords. That will give you the definitive answers
quickly. If something is missing, feel free to propose that it be added (if
Patrick,
Absolutely. Security label is mechanism of access control, utilized by MAC
(mandatory access control) model, and not utilized by DAC (discretionary
access control) model, we all are used to. In database content it is
illustrated for instance here:
http://www.postgresql.org/docs/current/st
Cassandra has support for authentication security, but I'm not familiar
with a security label. Can you describe what you want to do?
Patrick
On Thu, Jan 28, 2016 at 2:26 PM, oleg yusim wrote:
> Greetings,
>
> Does Cassandra support security label concept? If so, where can I read on
> how it sho
ay, September 05, 2013 9:47 AM
> To: user@cassandra.apache.org
> Subject: Re: Security?
>
> For open-source Cassandra, there is a framework for security (see the
> security book-thing in the sidebar):
> http://www.datastax.com/documentation/cassandra/1.2/webhelp/index.html
>
For open-source Cassandra, there is a framework for security (see the security
book-thing in the sidebar):
http://www.datastax.com/documentation/cassandra/1.2/webhelp/index.html
For those wanting additional things like auditing and other features, there's
DataStax Enterprise:
http://www.datasta
Thanks for the info.
So open-source Cassandra does not provide for auditing?
-Original Message-
From: Jeremy Hanna [mailto:jeremy.hanna1...@gmail.com]
Sent: Thursday, September 05, 2013 9:47 AM
To: user@cassandra.apache.org
Subject: Re: Security?
For open-source Cassandra, there is a
ok, thx for the input!
On 09/11/2011 15:19, Mohit Anchlia wrote:
We lock down ssh to root from any network. We also provide individual
logins including sysadmin and they go through LDAP authentication.
Anyone who does sudo su as root gets logged and alerted via trapsend.
We use firewalls and also
We lock down ssh to root from any network. We also provide individual
logins including sysadmin and they go through LDAP authentication.
Anyone who does sudo su as root gets logged and alerted via trapsend.
We use firewalls and also have a separate vlan for datastore servers.
We then open only speci
Firewall with appropriate rules.
> On Tue, Nov 8, 2011 at 6:30 PM, Guy Incognito wrote:
>>
>> hi,
>>
>> is there a standard approach to securing cassandra eg within a corporate
>> network? at the moment in our dev environment, anybody with network
>> connectivity to the cluster can connect to it
Not sure this is the "standard approach", probably more "what we came up
with". ;)
We plan to deploy Cassandra behind a firewall denying all traffic on all
ports other than 8080. Access from applications will be limited to the
REST/HTTP layer, which we'll lock down with standard HTTP authenticati
It isn't very well documented apparently, but if you are using 0.6, you can
look at the 'Authenticator' property in the default config for an explanation
of how to authenticate users.
With the SimpleAuthenticator implementation, there are properties files that
define your users and passwords, a
28 matches