Security beyond authentication and authorization
The security afforded by Cassandra-level authentication and authorization only applies to clients connecting directly to your Cassandra cluster. Anyone who has physical access to the machines running Cassandra can access the data stored on disk; the same goes for anyone with SSH access to machines in the Cassandra cluster. Cassandra itself does not offer encryption for on-disk data, but DataStax Enterprise, a commercial distribution of Cassandra, does offer encryption of at-risk data. For more information, consult http://www.datastax.com/documentation/datastax_enterprise/4.5/datastax_enterprise/sec/secTDE.html.
Data security can also be compromised in transit; anyone who can intercept traffic between your application and your Cassandra cluster can potentially gain unauthorized access to your data. Cassandra offers client-to-node SSL encryption that protects your data in transit between your application and your cluster. For information on setting up client-to-node encryption, see http://www.datastax.com/documentation/cassandra/2.1/cassandra/security/secureSSLClientToNode_t.html.
Finally, normal operation of Cassandra involves passing data between different nodes in the cluster; if attackers can intercept inter-node communication, they can gain access to your data. Cassandra has the ability to encrypt all node-to-node traffic; for information on configuring node-to-node encryption, see http://www.datastax.com/documentation/cassandra/2.1/cassandra/security/secureSSLNodeToNode_t.html.
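The two in-transit protections described above are controlled by the client_encryption_options and server_encryption_options sections of cassandra.yaml. The following check is an added example, not code from the book or from Cassandra: it reads those sections from a constructed sample file and reports which traffic would cross the network unencrypted. The reader is a minimal one that assumes the flat two-level layout shown in the sample, and the keystore paths are placeholders.

```python
import re

# Constructed sample: the transport-encryption sections of a cassandra.yaml
# with both protections switched off (keystore paths are placeholders).
SAMPLE_YAML = """\
cluster_name: 'Example Cluster'
server_encryption_options:
    internode_encryption: none   # none | all | dc | rack
    keystore: conf/.keystore
    truststore: conf/.truststore
client_encryption_options:
    enabled: false
    keystore: conf/.keystore
"""

def read_sections(text):
    """Minimal reader for top-level sections with one level of scalar keys."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()   # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, _, value = line.strip().partition(":")
        if not line[0].isspace():                      # top-level key
            current = key if not value.strip() else None
            if current:
                sections[current] = {}
        elif current is not None:                      # key inside a section
            sections[current][key.strip()] = value.strip().strip("'\"")
    return sections

def audit_transit_encryption(text):
    """Return findings for traffic that would cross the network unencrypted."""
    cfg = read_sections(text)
    findings = []
    # Absent settings are treated as the shipped defaults: none / false.
    internode = cfg.get("server_encryption_options", {}).get("internode_encryption", "none")
    if internode == "none":
        findings.append("node-to-node traffic is unencrypted")
    elif internode in ("dc", "rack"):
        findings.append(f"node-to-node traffic is encrypted only across {internode} boundaries")
    client = cfg.get("client_encryption_options", {}).get("enabled", "false")
    if client.lower() != "true":
        findings.append("client-to-node traffic is unencrypted")
    return findings

if __name__ == "__main__":
    for finding in audit_transit_encryption(SAMPLE_YAML):
        print("FINDING:", finding)
```

Setting internode_encryption to all and enabled to true clears both findings; neither setting protects the data files on disk, which is the separate exposure covered in the first paragraph.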