You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cassandra.apache.org by Abdelkrim Fitouri <ab...@gmail.com> on 2017/11/16 17:31:21 UTC
custom validation before replication
Hi,
I have some security constraint on a project, and i need to validate or
unvalidate changes made on a keyspace via cql or via an other ways before
replication.
for example in the case of multinode cluster with replication, if data was
changed locally using cqlsh, data will be replicated (that is normal
working way for cassandra)
is there a possibility to call a custom validation function just before
data replication ?
Many thanks for any help.
--
Best Regards.
Re: custom validation before replication
Posted by Jon Haddad <jo...@jonhaddad.com>.
Looks like you’ve got this thread going on the user & dev ML. This list is the dev one, and is meant for discussion of the Cassandra project. Would everyone mind replying to the thread of the same name on the user list instead?
> On Nov 16, 2017, at 1:36 PM, Abdelkrim Fitouri <ab...@gmail.com> wrote:
>
> ok please find bellow an example:
>
> Lets suppose that i have a cassandra cluster of 4 nodes / one DC /
> replication factor = 4, So in this architecture i have on full copy of the
> data on each node.
>
> Imagine now that one node have been hacked and in some way with full access
> to cqlsh session, if data is changed on that node, data will be changed on
> the three other, am i right ?
>
> imagine now that i am able to know (using cryptographic bases) if one
> column was modified by my API ( => normal way) or not ( => suspicious way),
> and i want to execute this check function just before any replication of a
> keyspace to avoid that all the replica will be affected by that and so a
> rollback will be not easy and the integrity of all the system will be down,
> the check will for example kill the local cassandra service ...
>
> Hope that my question is more clear now.
>
> Many thanks for any help.
>
> 2017-11-16 21:59 GMT+01:00 Nate McCall <zz...@gmail.com>:
>
>> On Fri, Nov 17, 2017 at 9:11 AM, Abdelkrim Fitouri <ab...@gmail.com>
>> wrote:
>>> Trigger does not resolve my problem because it is not a format validation
>>> issue but an integrity constraint ...
>>>
>>> My purpose is to check data integrity before replication, by returning an
>>> error and killing the service, so i am killing the node that is supposed
>> to
>>> replicate data after a write action ...
>>
>> I'm a little confused. Can you provide some specific examples of your
>> requirements?
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
>> For additional commands, e-mail: dev-help@cassandra.apache.org
>>
>>
>
>
> --
>
> Cordialement / Best Regards.
>
> *Abdelkarim FITOURI*
>
> LPIC/CEH/ITIL
>
> System And Security Engineer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
For additional commands, e-mail: dev-help@cassandra.apache.org
Re: custom validation before replication
Posted by Jeff Jirsa <jj...@gmail.com>.
What you're wanting really isn't supported/available, but you could
probably extend cassandra to do this with some work.
Doing this at replication time is the wrong point, though - you want to do
it before the mutation is applied locally, so triggers are still the
closest to the right point as it exists now.
If you let it apply locally and then try to stop replication, you'll have
to also fight:
- Commitlog replay
- Read repair / consistency levels
- Antientropy repair
- Hints
etc
On Thu, Nov 16, 2017 at 1:36 PM, Abdelkrim Fitouri <ab...@gmail.com>
wrote:
> ok please find bellow an example:
>
> Lets suppose that i have a cassandra cluster of 4 nodes / one DC /
> replication factor = 4, So in this architecture i have on full copy of the
> data on each node.
>
> Imagine now that one node have been hacked and in some way with full access
> to cqlsh session, if data is changed on that node, data will be changed on
> the three other, am i right ?
>
> imagine now that i am able to know (using cryptographic bases) if one
> column was modified by my API ( => normal way) or not ( => suspicious way),
> and i want to execute this check function just before any replication of a
> keyspace to avoid that all the replica will be affected by that and so a
> rollback will be not easy and the integrity of all the system will be down,
> the check will for example kill the local cassandra service ...
>
> Hope that my question is more clear now.
>
> Many thanks for any help.
>
> 2017-11-16 21:59 GMT+01:00 Nate McCall <zz...@gmail.com>:
>
> > On Fri, Nov 17, 2017 at 9:11 AM, Abdelkrim Fitouri <ab...@gmail.com>
> > wrote:
> > > Trigger does not resolve my problem because it is not a format
> validation
> > > issue but an integrity constraint ...
> > >
> > > My purpose is to check data integrity before replication, by returning
> an
> > > error and killing the service, so i am killing the node that is
> supposed
> > to
> > > replicate data after a write action ...
> >
> > I'm a little confused. Can you provide some specific examples of your
> > requirements?
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
> > For additional commands, e-mail: dev-help@cassandra.apache.org
> >
> >
>
>
> --
>
> Cordialement / Best Regards.
>
> *Abdelkarim FITOURI*
>
> LPIC/CEH/ITIL
>
> System And Security Engineer
>
Re: custom validation before replication
Posted by Abdelkrim Fitouri <ab...@gmail.com>.
ok please find bellow an example:
Lets suppose that i have a cassandra cluster of 4 nodes / one DC /
replication factor = 4, So in this architecture i have on full copy of the
data on each node.
Imagine now that one node have been hacked and in some way with full access
to cqlsh session, if data is changed on that node, data will be changed on
the three other, am i right ?
imagine now that i am able to know (using cryptographic bases) if one
column was modified by my API ( => normal way) or not ( => suspicious way),
and i want to execute this check function just before any replication of a
keyspace to avoid that all the replica will be affected by that and so a
rollback will be not easy and the integrity of all the system will be down,
the check will for example kill the local cassandra service ...
Hope that my question is more clear now.
Many thanks for any help.
2017-11-16 21:59 GMT+01:00 Nate McCall <zz...@gmail.com>:
> On Fri, Nov 17, 2017 at 9:11 AM, Abdelkrim Fitouri <ab...@gmail.com>
> wrote:
> > Trigger does not resolve my problem because it is not a format validation
> > issue but an integrity constraint ...
> >
> > My purpose is to check data integrity before replication, by returning an
> > error and killing the service, so i am killing the node that is supposed
> to
> > replicate data after a write action ...
>
> I'm a little confused. Can you provide some specific examples of your
> requirements?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
> For additional commands, e-mail: dev-help@cassandra.apache.org
>
>
--
Cordialement / Best Regards.
*Abdelkarim FITOURI*
LPIC/CEH/ITIL
System And Security Engineer
Re: custom validation before replication
Posted by Nate McCall <zz...@gmail.com>.
On Fri, Nov 17, 2017 at 9:11 AM, Abdelkrim Fitouri <ab...@gmail.com> wrote:
> Trigger does not resolve my problem because it is not a format validation
> issue but an integrity constraint ...
>
> My purpose is to check data integrity before replication, by returning an
> error and killing the service, so i am killing the node that is supposed to
> replicate data after a write action ...
I'm a little confused. Can you provide some specific examples of your
requirements?
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
For additional commands, e-mail: dev-help@cassandra.apache.org
RE: custom validation before replication
Posted by Abdelkrim Fitouri <ab...@gmail.com>.
Trigger does not resolve my problem because it is not a format validation
issue but an integrity constraint ...
My purpose is to check data integrity before replication, by returning an
error and killing the service, so i am killing the node that is supposed to
replicate data after a write action ...
Does that seems possible ?
Many thanks.
Le 16 nov. 2017 18:53, "Jacques-Henri Berthemet" <
jacques-henri.berthemet@genesys.com> a écrit :
Hi,
You can't prevent the replication because if you manage to return a failure
the other node will keep trying to send the data. What would be more
relevant is to prevent the modification in the first place. You could try
to implement a custom trigger and load it in Cassandra:
http://cassandra.apache.org/doc/latest/cql/triggers.html
https://github.com/apache/cassandra/tree/cassandra-3.11/examples/triggers
In your trigger implementation, you'll need to validate the data and throw
an exception if it does not meet your security settings. However, I don't
think you'll have access to the current username/role at this level.
It may be simpler for you to work with regular authentication and roles:
http://cassandra.apache.org/doc/latest/cql/security.html
Regards,
--
Jacques-Henri Berthemet
-----Original Message-----
From: Abdelkrim Fitouri [mailto:abdou.abf@gmail.com]
Sent: jeudi 16 novembre 2017 18:31
To: dev@cassandra.apache.org
Subject: custom validation before replication
Hi,
I have some security constraint on a project, and i need to validate or
unvalidate changes made on a keyspace via cql or via an other ways before
replication.
for example in the case of multinode cluster with replication, if data was
changed locally using cqlsh, data will be replicated (that is normal
working way for cassandra)
is there a possibility to call a custom validation function just before
data replication ?
Many thanks for any help.
--
Best Regards.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
For additional commands, e-mail: dev-help@cassandra.apache.org
RE: custom validation before replication
Posted by Jacques-Henri Berthemet <ja...@genesys.com>.
Hi,
You can't prevent the replication because if you manage to return a failure the other node will keep trying to send the data. What would be more relevant is to prevent the modification in the first place. You could try to implement a custom trigger and load it in Cassandra:
http://cassandra.apache.org/doc/latest/cql/triggers.html
https://github.com/apache/cassandra/tree/cassandra-3.11/examples/triggers
In your trigger implementation, you'll need to validate the data and throw an exception if it does not meet your security settings. However, I don't think you'll have access to the current username/role at this level.
It may be simpler for you to work with regular authentication and roles:
http://cassandra.apache.org/doc/latest/cql/security.html
Regards,
--
Jacques-Henri Berthemet
-----Original Message-----
From: Abdelkrim Fitouri [mailto:abdou.abf@gmail.com]
Sent: jeudi 16 novembre 2017 18:31
To: dev@cassandra.apache.org
Subject: custom validation before replication
Hi,
I have some security constraint on a project, and i need to validate or unvalidate changes made on a keyspace via cql or via an other ways before replication.
for example in the case of multinode cluster with replication, if data was changed locally using cqlsh, data will be replicated (that is normal working way for cassandra)
is there a possibility to call a custom validation function just before data replication ?
Many thanks for any help.
--
Best Regards.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
For additional commands, e-mail: dev-help@cassandra.apache.org
Re: custom validation before replication
Posted by Jeff Jirsa <jj...@gmail.com>.
Going to hate myself for this, but check out the trigger interface.
https://github.com/apache/cassandra/blob/cassandra-3.0/src/java/org/apache/cassandra/triggers/ITrigger.java
Pay attention to the note that says the API is in beta and subject to
change. It's had that note for many years, which is an indication of how
infrequently anyone uses triggers.
On Thu, Nov 16, 2017 at 9:31 AM, Abdelkrim Fitouri <ab...@gmail.com>
wrote:
> Hi,
>
> I have some security constraint on a project, and i need to validate or
> unvalidate changes made on a keyspace via cql or via an other ways before
> replication.
>
> for example in the case of multinode cluster with replication, if data was
> changed locally using cqlsh, data will be replicated (that is normal
> working way for cassandra)
>
> is there a possibility to call a custom validation function just before
> data replication ?
>
> Many thanks for any help.
>
> --
>
> Best Regards.
>