Summary
In this final appendix, we explored Cassandra's ability to restrict access to itself using internal authentication and authorization. We saw that Cassandra offers simple configuration of user accounts and permissions using a collection of CQL commands provided for that purpose, and also that this information is stored transparently in tables in the system_auth keyspace.
We noted that internal authorization can be useful for traditional security concerns, but also simply as a hedge against mistakes. By limiting each account to the access it strictly needs (the principle of least privilege), we reduce our exposure to user errors that can unintentionally cause major data loss.
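As an added illustration of both points above, the CQL role and permission commands and the system_auth tables they populate, and a least-privilege grant as a hedge against mistakes, here is a short cqlsh session. This is example code written for this summary, not code from the book; the role name `app_reader`, the keyspace name `hotel`, and the placeholder passwords are assumptions.

```sql
-- Added example, not from the book. Assumes cassandra.yaml already sets
--   authenticator: PasswordAuthenticator
--   authorizer:    CassandraAuthorizer
-- and that this session is connected through cqlsh as a superuser.
-- The role app_reader, the keyspace hotel, and the passwords are placeholders.

-- 1. Cassandra ships with a default superuser named cassandra whose
--    password is also 'cassandra'; change it before anything else.
ALTER ROLE cassandra WITH PASSWORD = 'choose-a-strong-password';

-- 2. A login role for the application's read path, explicitly non-superuser.
CREATE ROLE app_reader WITH PASSWORD = 'reader-password-placeholder'
    AND LOGIN = true
    AND SUPERUSER = false;

-- 3. Least privilege: SELECT only, scoped to a single keyspace.
--    No MODIFY (INSERT/UPDATE/DELETE/TRUNCATE) and no DROP are granted, so a
--    mistyped TRUNCATE or DROP TABLE issued as app_reader is refused as
--    Unauthorized instead of being executed.
GRANT SELECT ON KEYSPACE hotel TO app_reader;

-- 4. Confirm exactly what the role can do.
LIST ALL PERMISSIONS OF app_reader;

-- 5. The same facts are ordinary rows in the system_auth keyspace:
--    the role itself, and its permissions keyed by role and resource.
SELECT role, can_login, is_superuser FROM system_auth.roles;
SELECT role, resource, permissions
    FROM system_auth.role_permissions
    WHERE role = 'app_reader';
```

In the last query the keyspace appears as the resource string `data/hotel` with the permission set `{'SELECT'}`. One caveat worth knowing: CassandraAuthorizer caches permission lookups for `permissions_validity_in_ms` (2 seconds by default), so a GRANT or REVOKE can take that long to be observed by sessions that are already open.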
We also noted that internal authentication and authorization are not the full security picture for a Cassandra deployment. While the details are beyond the scope of a book whose audience is primarily application engineers, we did a brief survey of other security measures a Cassandra deployment might undertake, and we briefly discussed situations...