Details
-
Improvement
-
Status: Resolved
-
Low
-
Resolution: Fixed
-
Production
Description
It's possible for a node to join an existing cluster (with perhaps more stringent security restrictions i.e. not using AllowAllAuthentication) and issue destructive commands that affect the cluster at large (e.g. drop keyspace via cassandra-cli, etc).
This can be circumvented with a pluggable security module that could be used to implement basic node vetting/identification/etc.
Attachments
Attachments
Issue Links
- is duplicated by
-
CASSANDRA-5399 Offer pluggable security for inter-node communication
- Resolved