Yeah, there’s a whole lot of stuff here that doesn’t make sense.

I’m not sure what the threat model really is, but there are a lot of moving 
pieces here, and the place you’re thinking about adding validation isn’t the 
first place I’d be concerned with (internode tends to be a bigger problem).

Why do you think a compromised server will try to send data elsewhere?

Where is it going to send it?


-- 
Jeff Jirsa


> On Nov 16, 2017, at 12:40 PM, kurt greaves <k...@instaclustr.com> wrote:
> 
> What's the purpose here? If they have access to cqlsh, they have access to 
> every node's data, not just the one they are on. An attacker modifying RF 
> would be the least of your worries. If you manage to detect that some node is 
> compromised, you should isolate it immediately.
> 
> On 16 Nov. 2017 07:33, "Abdelkrim Fitouri" <abdou....@gmail.com> wrote:
> Hi,
> 
> I know that Cassandra properly handles data replication between cluster nodes, 
> but for some security reasons I am wondering how to avoid data replication 
> after a server node has been compromised and someone is executing 
> modifications via cqlsh?
> 
> Is there a possibility in Cassandra to execute a custom check / hook before 
> replication?
> 
> Is there a possibility to execute a manual replication between nodes?
> 
> 
> 
> -- 
> Best Regards.
> 
> Abdelkarim FITOURI
> 
> System And Security Engineer
> 
> 
> 
