Summary
In this final appendix, we explored Cassandra's ability to restrict access to itself using
internal authentication and authorization. We saw that Cassandra offers simple configuration
of user accounts and permissions using a collection of CQL commands provided for that
purpose, and also that this information is stored transparently in tables in the
system_auth keyspace.
We noted that internal authorization can be useful for traditional security concerns, but also
simply as a hedge against mistakes. By limiting access to that which is strictly needed, we
can reduce our vulnerability to user errors that can unintentionally cause major data loss.
We also noted that internal authentication and authorization are not the full security picture
for a Cassandra deployment. While the details are beyond the scope of a topic whose
audience is primarily application engineers, we did a brief survey of other security measures a
Cassandra deployment might undertake, and we briefly discussed situations in which those
measures might be called for.