[jira] [Commented] (CASSANDRA-2274) Restrict Cassandra cluster node joins to a list of named hosts

["David Allsopp (Commented) (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/CASSANDRA-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13133343#comment-13133343 ] 

David Allsopp commented on CASSANDRA-2274:
------------------------------------------

Can this not be done simply via iptables firewall settings, rolled out across the cluster machines? 

(It's not clear to me why a Cassandra configuration file would be any less fallible than a firewall configuration file - and if you have both, then you have to remember to update both of them...)
                
> Restrict Cassandra cluster node joins to a list of named hosts
> --------------------------------------------------------------
>
>                 Key: CASSANDRA-2274
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-2274
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 0.7.2
>         Environment: All
>            Reporter: Andrew Schiefelbein
>
> Because firewalls and employees are not infallible it would be nice to restrict the ability of any node to join a cluster to a list of named hosts in the configuration so that someone would be unable to start a node and replicate all the data locally.  I understand that in order to do this the person must know the seed servers and the cluster name and to extract the data they will need a userid and password but another level of security would be to force them to execute any brute force attack from a locked down server instead of replicating all the data locally.  

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira