Book Image

Learning Apache Cassandra

By : Matthew Brown
4 (1)
Book Image

Learning Apache Cassandra

4 (1)
By: Matthew Brown

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Learning Apache Cassandra
Matthew Brown
Feb, 2015 | 246 pages
No titles found
Table of Contents (19 chapters)
Learning Apache Cassandra
Learning Apache Cassandra
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Getting Up and Running with Cassandra
Getting Up and Running with Cassandra
What Cassandra offers, and what it doesn't
Installing Cassandra
Bootstrapping the project
Creating a keyspace
Summary
2
The First Table
The First Table
Creating the users table
Inserting data
Selecting data
Developing a mental model for Cassandra
Summary
3
Organizing Related Data
Organizing Related Data
A table for status updates
Working with status updates
Anatomy of a compound primary key
Beyond two columns
Compound keys represent parent-child relationships
Coupling parents and children using static columns
Refining our mental model
Summary
4
Beyond Key-Value Lookup
Beyond Key-Value Lookup
Looking up rows by partition
Retrieving status updates for a specific time range
Paginating over rows in a partition
Reversing the order of rows
Paginating over multiple partitions
Building an autocomplete function
Summary
5
Establishing Relationships
Establishing Relationships
Modeling follow relationships
Storing follow relationships
Looking up follow relationships
Unfollowing users
Using secondary indexes to avoid denormalization
Summary
6
Denormalizing Data for Maximum Performance
Denormalizing Data for Maximum Performance
A normalized approach
Partial denormalization
Fully denormalizing the home timeline
Write complexity and data integrity
Summary
7
Expanding Your Data Model
Expanding Your Data Model
Viewing a table schema in cqlsh
Adding columns to tables
Deleting columns
Updating the existing rows
Removing a value from a column
Inserts, updates, and upserts
Lightweight transactions have a cost
Summary
8
Collections, Tuples, and User-defined Types
Collections, Tuples, and User-defined Types
The problem with concurrent updates
Collection columns and concurrent updates
Using lists for ordered, nonunique values
Using maps to store key-value pairs
Collections in inserts
Collections and secondary indexes
The limitations of collections
Working with tuples
User-defined types
Choosing between tuples and user-defined types
Comparing data structures
Summary
9
Aggregating Time-Series Data
Aggregating Time-Series Data
Recording discrete analytics observations
Recording aggregate analytics observations
Recording analytics observations
Summary
10
How Cassandra Distributes Data
How Cassandra Distributes Data
Data distribution in Cassandra
Data replication in Cassandra
Consistency
Handling conflicting data
Distributed deletion
Summary
Peeking Under the Hood
Peeking Under the Hood
Using cassandra-cli
The structure of a simple primary key table
Compound primary keys in column families
Collection columns in column families
Summary
Authentication and Authorization
Authentication and Authorization
Enabling authentication and authorization
Setting up a user
Controlling access
Authorization in action
Security beyond authentication and authorization
Summary
Wrapping up
Index
Index

Security beyond authentication and authorization

The security afforded by Cassandra-level authentication and authorization only applies to clients connecting directly to your Cassandra cluster. Anyone who has physical access to the machines running Cassandra can access the data stored on disk; the same goes for anyone with SSH access to machines in the Cassandra cluster. Cassandra itself does not offer encryption for on-disk data, but DataStax Enterprise, a commercial distribution of Cassandra, does offer encryption of at-risk data. For more information, consult http://www.datastax.com/documentation/datastax_enterprise/4.5/datastax_enterprise/sec/secTDE.html.

Data security can also be compromised in transit; anyone who can intercept traffic between your application and your Cassandra cluster can potentially gain unauthorized access to your data. Cassandra offers client-to-node SSL encryption that protects your data in transit between your application and your cluster. For information on setting up client-to-node encryption, see http://www.datastax.com/documentation/cassandra/2.1/cassandra/security/secureSSLClientToNode_t.html.

Finally, normal operation of Cassandra involves passing data between different nodes in the cluster; if attackers can intercept inter-node communication, they can gain access to your data. Cassandra has the ability to encrypt all node-to-node traffic; for information on configuring node-to-node encryption, see http://www.datastax.com/documentation/cassandra/2.1/cassandra/security/secureSSLNodeToNode_t.html.

Security protects against vulnerabilities

We've covered authentication and authorization in depth and also mentioned a few other security measures available in Cassandra or DataStax Enterprise. However, not every deployment will need every security measure in place. What security measures you need depends on the sensitivity of your data and the security characteristics of your deployment. As an application engineer, you likely leave the details of deployment security to your sysadmins, but this table can provide a quick reference to what sort of security measures you should think about:

Security measure

Vulnerability protected against

Alternative protections

Internal authentication & authorization

Direct access to Cassandra cluster via CQL binary protocol

Restrict access to the Cassandra cluster to secure the private network

On-disk data encryption

Shell access to machines hosting the Cassandra cluster

Restrict shell and physical access to Cassandra hosts

Client-to-node encryption

Network link between the application and the Cassandra cluster

Restrict access to private network traffic using encryption or physical isolation

Node-to-node encryption

Network link between Cassandra nodes

Restrict access to private network traffic using encryption or physical isolation

It's quite plausible that, with both your application and Cassandra deployment protected by a well-secured VPN, you may not need to concern yourself with any database-level security measures.

Previous Section
End of Section
Next Section