Skip to content

[CASSANDRA-21392] Security Model for Apache Cassandra#4828

Open
frankgh wants to merge 1 commit into
apache:trunkfrom
frankgh:security-model
Open

[CASSANDRA-21392] Security Model for Apache Cassandra#4828
frankgh wants to merge 1 commit into
apache:trunkfrom
frankgh:security-model

Conversation

@frankgh
Copy link
Copy Markdown
Contributor

@frankgh frankgh commented May 19, 2026

Patch by Francisco Guerrero; reviewed by TBD for CASSANDRA-21392

smiklosovic
smiklosovic reviewed May 21, 2026
View reviewed changes
Comment thread doc/modules/cassandra/pages/reference/security-model.adoc

=== Trusted Sources

Cassandra trusts the following data sources. It is the responsibility of the deployer to protect them:
Copy link
Copy Markdown
Contributor

@smiklosovic smiklosovic May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should probably also mention all possible extension points Cassandra offers in the fashion of implementing an appropriate interface (ICompressor, IAuthenticator, ISeedProvider ...). Also all SPIs. Basically, anything an operator puts on class path and Cassandra picks it up one way or another is trusted too. We do not have control over third party implementations.

Given that these implementations might in theory contain any Java code, basically, they can hook into Cassandra's internals freely and call whatever they want.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@smiklosovic smiklosovic smiklosovic left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@frankgh @smiklosovic