Search and ACL

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Search and ACL

contact-15

How exactly does the search work? Is it similar to fulltext searching?


What type of username/password security is there? (for example sharing a
Cassandra db between applications, and isolating their access controls)


Also, how do I search through the mail archives? 

Thanks, 

Shahan

Reply | Threaded
Open this post in threaded view
|

Re: Search and ACL

Mark Robson
2009/9/13 <[hidden email]>

How exactly does the search work? Is it similar to fulltext searching?


No.

There are two ways you can find stuff - either by exact key (key must be exactly right, it's byte-based), or (if you're using the OrderPreservingPartitioner) a key range scan.

In the case of a key range scan you specify the start / end keys and it lists the keys which exist (up to a specified limit) in that CF in that range, ordered by key.
 

What type of username/password security is there? (for example sharing a
Cassandra db between applications, and isolating their access controls)

There is none. Cassandra clusters allow any operation for anyone who can make a connection to any node in the cluster.

A Cassandra cluster used by multiple applications just has to trust them not to trash each others' data.

A Cassandra cluster used by multiple applications, in any case, requires the admin to set up the storage-conf.xml to contain the set of Keyspaces / CFs etc required by all the applications, which needs to be the same on all the nodes, so a certain amount of careful control and cooperation is required.

I can only really see a case where an instance would be used by multiple applications, if they were fundamentally under the control (software-release wise) of the same team of developers and ops engineers, otherwise change control would be a disaster. There is no analogue of CREATE TABLE / ALTER TABLE as supported by RDBMSs.

Mark
Reply | Threaded
Open this post in threaded view
|

Re: Search and ACL

Mark Robson
In reply to this post by contact-15

What type of username/password security is there? (for example sharing a
Cassandra db between applications, and isolating their access controls)

Also I should point out, that the default startup script for Cassandra also enables the Java debugger and JMX connections from anywhere, both of which are probably even more security risks than Cassandra's own protocols.

Mark
Reply | Threaded
Open this post in threaded view
|

Re: Search and ACL

contact-15

Thank you for your reply.

So the best way to use Cassandra would be at least behind a firewall. 

In the future is it possible to add a username/password type security in? I plan to support the project, just as soon as I have some revenue coming in through my business.

Thanks,

Shahan

On Sun, 13 Sep 2009 13:03:21 +0100, Mark Robson <[hidden email]> wrote:


What type of username/password security is there? (for example sharing a
Cassandra db between applications, and isolating their access controls)

 

Also I should point out, that the default startup script for Cassandra also enables the Java debugger and JMX connections from anywhere, both of which are probably even more security risks than Cassandra's own protocols.

Mark

 

Reply | Threaded
Open this post in threaded view
|

Re: Search and ACL

Mark Robson
2009/9/13 <[hidden email]>

Thank you for your reply.

So the best way to use Cassandra would be at least behind a firewall. 

In the future is it possible to add a username/password type security in? I plan to support the project, just as soon as I have some revenue coming in through my business.


I can't imagine anyone using Cassandra on public IP address space i.e. without a firewall. It's the same use-case as memcached, which also has no authentication or security.

The thrift protocol could in principle use a username/password I guess - I imagine that the reason that it doesn't is that Facebook have never required one.

Mark

Reply | Threaded
Open this post in threaded view
|

Re: Search and ACL

Jonathan Ellis-3
In reply to this post by contact-15
Rackspace is interested in per-keyspace authentication too.

-Jonathan

On Sun, Sep 13, 2009 at 3:13 PM,  <[hidden email]> wrote:

> Thank you for your reply.
>
> So the best way to use Cassandra would be at least behind a firewall.
>
> In the future is it possible to add a username/password type security in? I
> plan to support the project, just as soon as I have some revenue coming in
> through my business.
>
> Thanks,
>
> Shahan
>
> On Sun, 13 Sep 2009 13:03:21 +0100, Mark Robson <[hidden email]> wrote:
>>
>> What type of username/password security is there? (for example sharing a
>> Cassandra db between applications, and isolating their access controls)
>>
>>
>
> Also I should point out, that the default startup script for Cassandra also
> enables the Java debugger and JMX connections from anywhere, both of which
> are probably even more security risks than Cassandra's own protocols.
>
> Mark
>
>