What's the purpose here? If they have access to cqlsh, they have access to every nodes data, not just the one they are on. An attacker modifying RF would be the least of your worries. If you manage to detect that some node is compromise you should isolate it immediately.
On 16 Nov. 2017 07:33, "Abdelkrim Fitouri" <abdou....@gmail.com> wrote: Hi, I know that cassandra handel properly data replication between cluster nodes, but for some security reasons I am wonderning how to avoid data replication after a server node have been compromised and someone is executing modification via cqlsh ? is there a posibility on Cassandra to execute a custom check / Hook before replication ? is there a posibilty to execute a manual replication between node ? > -- Best Regards. *Abdelkarim FITOURI* System And Security Engineer
