Not sure this is the "standard approach", probably more "what we came up with". ;)
We plan to deploy Cassandra behind a firewall denying all traffic on all ports other than 8080. Access from applications will be limited to the REST/HTTP layer, which we'll lock down with standard HTTP authentication mechanisms (using built-in Apache or the servlet container).

Long term, we'll probably also introduce authorization/access control by URL as well, whereby only certain users/apps will have access to certain keyspaces and/or column families (again... most likely using built-in Apache mechanisms, or the servlet container).

-brian

On Tue, Nov 8, 2011 at 6:30 PM, Guy Incognito <dnd1...@gmail.com> wrote:

> hi,
>
> is there a standard approach to securing cassandra eg within a corporate
> network? at the moment in our dev environment, anybody with network
> connectivity to the cluster can connect to it and mess with it. this would
> not be acceptable in prod. do people generally write custom authenticators
> etc, or just put the cluster behind a firewall with the appropriate rules
> to limit access?
>

--
Brian ONeill
Lead Architect, Health Market Science (http://healthmarketscience.com)
mobile:215.588.6024
blog: http://weblogs.java.net/blog/boneill42/
blog: http://brianoneill.blogspot.com/
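
The URL-based access control described in the reply above, sketched as an added example that is not part of the thread or any poster's code. It assumes a hypothetical `/<keyspace>/<column_family>/<row_key>` URL layout, a constructed ACL, and a user name that the HTTP layer has already authenticated.

```python
import re
from urllib.parse import unquote

# Constructed ACL: user -> keyspace -> allowed column families ("*" = every one).
ACL = {
    "billing-app": {"billing": {"invoices", "payments"}},
    "report-app": {"billing": {"invoices"}, "analytics": {"*"}},
}
# Assumption: conservative identifier pattern for keyspace / column family names.
NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,47}")


def parse_target(raw_path):
    """Return (keyspace, column_family) for a raw request path, or None if malformed."""
    path = raw_path.split("?", 1)[0]
    if not path.startswith("/"):
        return None
    # Decode exactly once, per segment, so an encoded "/" cannot create new segments.
    segments = [unquote(s) for s in path[1:].split("/")]
    if len(segments) < 2:
        return None
    for seg in segments:
        # Fail closed on anything a back end might normalise differently.
        if seg in ("", ".", "..") or "/" in seg or "\\" in seg:
            return None
        if any(ord(c) < 32 for c in seg):
            return None
    keyspace, column_family = segments[0], segments[1]
    if not (NAME.fullmatch(keyspace) and NAME.fullmatch(column_family)):
        return None
    return keyspace, column_family


def authorize(user, raw_path):
    """Default-deny decision for a user the HTTP layer has already authenticated."""
    target = parse_target(raw_path)
    if not user or target is None:
        return False
    keyspace, column_family = target
    allowed = ACL.get(user, {}).get(keyspace, set())
    return "*" in allowed or column_family in allowed
```

The check runs on the raw, undecoded request path, so the front end and the REST layer behind it cannot disagree about which keyspace a request names.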