Posted to commits@cassandra.apache.org by zz...@apache.org on 2017/12/20 00:12:12 UTC

cassandra git commit: Small tweak of new security language on attack surface.

Repository: cassandra
Updated Branches:
  refs/heads/trunk 8764ef2da -> 03f5997f9


Small tweak of new security language on attack surface.


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/03f5997f
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/03f5997f
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/03f5997f

Branch: refs/heads/trunk
Commit: 03f5997f9c18f13fd0c18dcdbeeed82e912de494
Parents: 8764ef2
Author: Nate McCall <zz...@gmail.com>
Authored: Wed Dec 20 13:11:54 2017 +1300
Committer: Nate McCall <zz...@gmail.com>
Committed: Wed Dec 20 13:11:54 2017 +1300

----------------------------------------------------------------------
 doc/source/operating/security.rst | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/03f5997f/doc/source/operating/security.rst
----------------------------------------------------------------------
diff --git a/doc/source/operating/security.rst b/doc/source/operating/security.rst
index 212a25e..21245fd 100644
--- a/doc/source/operating/security.rst
+++ b/doc/source/operating/security.rst
@@ -26,12 +26,13 @@ There are three main components to the security features provided by Cassandra:
 
 By default, these features are disabled as Cassandra is configured to easily find and be found by other members of a
 cluster. In other words, an out-of-the-box Cassandra installation presents a large attack surface for a bad actor.
-Possible attack vectors include:
+Enabling authentication for clients using the binary protocol is not sufficient to protect a cluster. Malicious users
+able to access internode communication and JMX ports can still:
 
-- Crafted internode messages to insert users into authentication schema
-- Crafted internode messages to truncate or drop schema
-- Use of tools such as ``sstableloader`` to overwrite ``system_auth`` tables 
-- Attaching to the cluster directly to capture write traffic
+- Craft internode messages to insert users into authentication schema
+- Craft internode messages to truncate or drop schema
+- Use tools such as ``sstableloader`` to overwrite ``system_auth`` tables 
+- Attach to the cluster directly to capture write traffic
 
 Correct configuration of all three security components should negate theses vectors. Therefore, understanding Cassandra's
 security features is crucial to configuring your cluster to meet your security needs.
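
Review bot: The new lead-in names both internode communication and JMX ports, but the four bullets that follow cover only internode messages, ``sstableloader`` and attaching to the cluster, so a reader cannot tell what the JMX exposure is. Either add a bullet for what JMX access allows or drop JMX from the lead-in sentence. Two smaller points in the same hunk: the added ``sstableloader`` line carries over the trailing space after "tables", and the unchanged context line below the list still reads "negate theses vectors", which should be "these vectors" and could be fixed in this pass since the commit is a wording cleanup.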

