Securing the database
Cassandra database security features.
- Authentication based on internally controlled rolename/passwords
Authentication is role-based and stored internally in tables. Administrators can create, alter, drop, or list roles using CQL commands. Roles have superuser, login, and password properties.
- Authorization based on object permission management
Authorization provides access control on database resources to authenticated roles. Authorization can grant permission to access the entire database or restrict a role to individual table access. Roles can be granted to roles to create a permissions hierarchy and separate login roles from sets of permissions. Use the CQL GRANT and REVOKE commands to manage authorization.
- Authentication and authorization based on JMX username/passwords
JMX (Java Management Extensions) technology provides a simple and standard way of managing and monitoring resources related to an instance of a Java Virtual Machine (JVM). This is achieved by instrumenting resources with Java objects known as Managed Beans (MBeans) that are registered with an MBean server. JMX authentication stores usernames and their associated passwords in two files, one for passwords and one for access. JMX authentication is used by nodetool and external monitoring tools such as jconsole.
- SSL encryption
Secure communication between a client and a database cluster, and between nodes in a cluster. Enabling SSL encryption ensures that data in flight is not compromised and is transferred securely. Client-to-node and node-to-node encryption are independently configured. Tools (cqlsh, nodetool) can be configured to use SSL encryption. The DataStax drivers can be configured to secure traffic between the driver and the database.
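
The permissions hierarchy described under authorization above, as an added example that is not part of the original page. The keyspace `sales`, the table `sales.orders`, and every role name are hypothetical, the passwords are placeholders, and the statements assume authentication and authorization are already enabled on the cluster.

```cql
-- Permission-set roles: LOGIN = false, so nobody can authenticate as them.
-- They exist only to carry a set of permissions.
CREATE ROLE IF NOT EXISTS reporting_read WITH LOGIN = false;
GRANT SELECT ON KEYSPACE sales TO reporting_read;

-- A narrower set restricted to a single table.
CREATE ROLE IF NOT EXISTS orders_writer WITH LOGIN = false;
GRANT SELECT ON TABLE sales.orders TO orders_writer;
GRANT MODIFY ON TABLE sales.orders TO orders_writer;

-- Login roles: can authenticate, are not superusers, and hold no
-- permissions of their own. Replace the placeholder passwords.
CREATE ROLE IF NOT EXISTS alice
  WITH LOGIN = true AND SUPERUSER = false AND PASSWORD = 'REPLACE_ME_1';
CREATE ROLE IF NOT EXISTS order_svc
  WITH LOGIN = true AND SUPERUSER = false AND PASSWORD = 'REPLACE_ME_2';

-- Granting a role to a role builds the hierarchy: each login role
-- inherits exactly the permission set it was given.
GRANT reporting_read TO alice;
GRANT orders_writer TO order_svc;

-- Audit: which roles a login role holds, and the effective permissions
-- it ends up with (direct and inherited).
LIST ROLES OF alice;
LIST ALL PERMISSIONS OF alice;
LIST ALL PERMISSIONS OF order_svc;

-- Tightening access later is a change to the hierarchy, not to each user:
-- drop one permission from the set, or detach the set from a login role.
REVOKE MODIFY ON TABLE sales.orders FROM orders_writer;
REVOKE reporting_read FROM alice;
```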