You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Stefan Podkowinski (JIRA)" <ji...@apache.org> on 2016/02/16 15:36:18 UTC
[jira] [Commented] (CASSANDRA-10724) Allow option to only encrypt
username/password transfer, not data
[ https://issues.apache.org/jira/browse/CASSANDRA-10724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15148668#comment-15148668 ]
Stefan Podkowinski commented on CASSANDRA-10724:
------------------------------------------------
Username/password authentication is only taking place for client-to-node communication at the beginning of _each_ connection using SASL over an unencrypted or TLS secured connection. In case of TLS, all further data will be send encrypted afterwards. I'm not aware of any ways to downgrade the TLS connection to plaintext after authentication, if that's what you're suggesting. Can you elaborate why you need to make sure to protect the user credentials, but would be fine by sending all actual data unencrypted?
> Allow option to only encrypt username/password transfer, not data
> -----------------------------------------------------------------
>
> Key: CASSANDRA-10724
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10724
> Project: Cassandra
> Issue Type: New Feature
> Reporter: Thom Valley
> Priority: Minor
>
> Turning on SSL for both client->node and node->node connections is a resource intensive (expensive) operation.
> Being able to only encrypt the username/password when passed (or looked up) as an option would greatly reduce the encryption / decryption overhead created by turning on SSL for all traffic.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)