Nate McCall zznate

There are three main components to the security features provided by Cassandra:
- TLS/SSL encryption for client and inter-node communication
- Client authentication
- Authorization
By default, these features are disabled as Cassandra is configured to easily find and be found by other members of a
cluster. In other words, an out-of-the-box Cassandra installation presents a large attack surface for a bad actor.
Enabling authentication for clients using the binary protocol is not sufficient to protect a cluster. Malicious users
able to access internode communication and JMX ports can still:
zznate / MyClusterManager.java
Created October 14, 2015 23:01
Example of a "Component" or "Resource" controlling Cassandra access
public class MyClusterManager {
    private Session session;
    private Cluster cluster;
    @javax.annotation.PostConstruct
    public void init() throws IOException
    {
        cluster = createCluster(); // private method that builds a cluster
        session = createSession(); // private method that builds a session
zznate / options.yaml
Last active September 21, 2015 18:51
#
server_encryption_options:
    internode_encryption: all
    keystore: conf/server-keystore.jks
    keystore_password: awesomekeypass
    truststore: conf/server-truststore.jks
    truststore_password: truststorepass
    protocol: TLS
    algorithm: SunX509
    store_type: JKS
server_count = 5
network = '192.168.50.'
first_ip = 100
servers = []
seeds = []
cassandra_tokens = []
(0..server_count-1).each do |i|
  name = 'node' + (i + 1).to_s
  ip = network + (first_ip + i).to_s
zznate-mcp:usergrid-rest-apigee-production$ mvn clean install -Dusergrid.stack.shasum=40cc5158eaaf7e5017d1f7e078847b0bc3d8223b
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building org.usergrid.core [org.usergrid] 1.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.4.1:clean (default-clean) @ usergrid-rest-apigee-production ---
[INFO]
[INFO] --- maven-resources-plugin:2.5:resources (default-resources) @ usergrid-rest-apigee-production ---
/etc/alternatives/jre_1.7.0/bin/java CryptTest test
original: test
encrypted: ڝ8?p??7m?Q(7??
Exception in thread "main" java.lang.IllegalStateException: javax.crypto.BadPaddingException: Invalid pad value!
at CryptTest.decrypt(CryptTest.java:67)
at CryptTest.main(CryptTest.java:25)
Caused by: javax.crypto.BadPaddingException: Invalid pad value!
at sun.security.pkcs11.P11Cipher$PKCS5Padding.unpad(P11Cipher.java:106)
at sun.security.pkcs11.P11Cipher.implDoFinal(P11Cipher.java:893)
at sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:552)
list<ColumnOrSuperColumn> get_slice(1:required binary key,
2:required ColumnParent column_parent,
3:required SlicePredicate predicate,
4:required ConsistencyLevel consistency_level=ConsistencyLevel.ONE)
throws (1:InvalidRequestException ire, 2:UnavailableException ue,
3:TimedOutException te),
{"e":[
{"type":"SETKEYSPACE","op":{"keyspace":"myks"}},
{"type":"CREATEKEYSPACE","op":{"name":"myks","replication":1}},
{"type":"CREATECOLUMNFAMILY","op":{"name":"mycf"}},
{"type":"SETCOLUMNFAMILY","op":{"columnfamily":"mycf"}},
{"type":"AUTOTIMESTAMP","op":{}},
{"type":"SET","op":{"columnName":"6","rowkey":"5","value":"7"}},
{"type":"SLICE","op":{"end":"9","rowkey":"5","size":4,"start":"1"}}
]}
diff --git a/rest/src/main/java/org/usergrid/rest/management/organizations/OrganizationsResource.java b/rest/src/main/java/org/usergrid/rest/management/organizations/OrganizationsRe
index 8d98ca5..414c63b 100644
--- a/rest/src/main/java/org/usergrid/rest/management/organizations/OrganizationsResource.java
+++ b/rest/src/main/java/org/usergrid/rest/management/organizations/OrganizationsResource.java
@@ -124,7 +124,7 @@ public class OrganizationsResource extends AbstractContextResource {
OrganizationOwnerInfo organizationOwner = management
.createOwnerAndOrganization(organizationName, username, name,
- email, password, false, false, true);
+ email, password, true, false, false);
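Review bot: the three trailing positional booleans in the createOwnerAndOrganization call change from `false, false, true` to `true, false, false`, and nothing in the hunk says what each position controls, so a reviewer cannot confirm that swapping the first and third values is the intended behaviour for newly created organization owners. Please name the flags at the call site (local constants or a short comment per argument) and state in the change description which account behaviour is being turned on and which is being turned off.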