In this article we discuss how to secure a Cassandra cluster. This involves authentication, authorization, encryption and firewalling; let's look at them one by one.
There are four areas to cover when securing Cassandra: authentication, authorization, encryption and firewalls.
- Authentication:
Controls how applications and users prove who they are before they are allowed to log in to the cluster.
- Authorization:
Controls what an authenticated role may do: the permissions to create, read, modify or drop data in a keyspace or in database objects such as tables and materialized views.
- Encryption:
Refers to using TLS (still called SSL in much of the Cassandra configuration, under client_encryption_options and server_encryption_options in cassandra.yaml) to protect traffic between clients and the database and between the cluster's own nodes.
- Firewalls:
Means knowing which ports must stay open, and to whom. Port 9042 is the native-protocol (CQL) port that clients connect to; 7000 and 7001 (plain and TLS) carry inter-node traffic and should be reachable only from other nodes, and 7199 is JMX, used by nodetool.
Now we log in with cqlsh using administrator privileges. Cassandra ships with a built-in superuser role named cassandra whose password is also cassandra. The cqlsh command to log in as that role is:
cqlsh 127.0.0.1 -u cassandra -p cassandra
Now, if we try to create, alter or drop a role with a PASSWORD option (for example CREATE ROLE ... WITH PASSWORD = '...'), we receive the following error. With the default AllowAllAuthenticator nothing ever checks a password, so the role manager refuses to store one:
InvalidRequest: Error from server: code=2200 [Invalid query] message="org.apache.cassandra.auth.CassandraRoleManager doesn't support PASSWORD"
Configuring Authentication:
All authentication and authorization in Cassandra is expressed through database roles. Use the CREATE ROLE, ALTER ROLE, DROP ROLE, LIST ROLES and LIST PERMISSIONS commands (CREATE USER, ALTER USER, DROP USER and LIST USERS still work but are legacy aliases for the role commands).
To resolve the error above, change the default authentication and authorization settings in the cassandra.yaml file. YAML comments start with #:
# default value
# authenticator: AllowAllAuthenticator
# set the authenticator value
authenticator: org.apache.cassandra.auth.PasswordAuthenticator

# default value
# authorizer: AllowAllAuthorizer
# set the authorizer value
authorizer: org.apache.cassandra.auth.CassandraAuthorizer
After changing cassandra.yaml, save the file and restart the database; in a multi-node cluster the change must be made on every node, because each node enforces authentication itself. Then log in to cqlsh again with the credentials of the default superuser cassandra. Two things to do straight away: change that default password with ALTER ROLE, and raise the replication factor of the system_auth keyspace (the default is SimpleStrategy with replication factor 1, so losing that single node would lock everyone out), followed by a repair of system_auth.
cqlsh -u cassandra -p cassandra
Now we can create a new role, list roles, drop roles, and so on.
Create a new role:
To create a new role, use the following CQL query (CREATE USER is the legacy form of CREATE ROLE and implies LOGIN = true):
cassandra@cqlsh> create user 'User' with password 'User';
The result can be checked with the LIST ROLES; command.
In a CREATE ROLE statement the LOGIN property defaults to false. A role that must be able to log in needs LOGIN = true (CREATE USER sets it implicitly). Roles are stored in the system_auth.roles table, which the superuser can query directly:
// system_auth.roles: stores roles and role members.
select * from system_auth.roles;
Role permissions:
Permissions such as SELECT, MODIFY, CREATE and DROP are given to a role with GRANT (for example, GRANT SELECT ON KEYSPACE ... TO ...) and withdrawn with REVOKE. What has been granted can be inspected with LIST ALL PERMISSIONS OF a role, or, as the superuser, by reading the system_auth.role_permissions table directly:
cassandra@cqlsh> select * from system_auth.role_permissions;
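The two procedures above, switching cassandra.yaml to password-based authentication and then bootstrapping roles with the minimum permissions they need, as one added shell example. This is illustration written for this page, not code from the article or from the Cassandra project; the file paths, keyspace name, datacenter name, role names and passwords are assumptions. The yaml functions run offline on a constructed fragment; the emitted CQL is meant to be fed to cqlsh -f once the node has been restarted.

```shell
#!/bin/sh
# Added example (not from the original article): audit and harden the
# authentication/authorization backends in cassandra.yaml, then emit the
# CQL that bootstraps roles with least privilege after the restart.
# File paths, keyspace, datacenter, role names and passwords are assumptions.

# Print the active (last, uncommented) value of top-level key $2 in file $1.
yaml_value() {
    grep -E "^[[:space:]]*$2:" "$1" | tail -n 1 \
        | sed -E "s/^[[:space:]]*$2:[[:space:]]*//; s/[[:space:]]*#.*$//"
}

# Report which backends still allow everything. An absent key counts as weak
# because Cassandra falls back to the AllowAll* implementation when it is unset.
# Returns 1 if any weak setting was found, 0 if both keys are hardened.
audit_auth() {
    weak=0
    for key in authenticator authorizer; do
        val=$(yaml_value "$1" "$key")
        case "$val" in
            ""|AllowAll*|*.AllowAll*) echo "WEAK: $key=${val:-<unset>}"; weak=1 ;;
            *)                        echo "ok:   $key=$val" ;;
        esac
    done
    return $weak
}

# Replace the active assignment of key $2 in file $1 with value $3, or append it.
# A commented-out default line ("# authenticator: ...") is left untouched.
set_key() {
    if grep -qE "^[[:space:]]*$2:" "$1"; then
        sed -i.bak -E "s/^([[:space:]]*)$2:.*/\1$2: $3/" "$1" && rm -f "$1.bak"
    else
        printf '%s: %s\n' "$2" "$3" >> "$1"
    fi
}

# Switch both backends to the password-based implementations the article uses.
# Run on every node and restart each one: authentication is enforced per node.
harden_auth() {
    set_key "$1" authenticator PasswordAuthenticator
    set_key "$1" authorizer CassandraAuthorizer
}

# CQL to run once as the built-in superuser (cqlsh -u cassandra -p cassandra -f FILE):
# rotate the default password, replicate system_auth so that logins survive a
# node failure, create a login role for the application and grant only the
# keyspace permissions it needs. $1 = application keyspace, $2 = datacenter
# name, $3 = new superuser password (no single quotes in this simple form).
bootstrap_roles_cql() {
    cat <<EOF
ALTER ROLE cassandra WITH PASSWORD = '$3';
ALTER KEYSPACE system_auth WITH replication = {'class': 'NetworkTopologyStrategy', '$2': 3};
CREATE ROLE IF NOT EXISTS app_rw WITH PASSWORD = 'change-me-too' AND LOGIN = true;
GRANT SELECT ON KEYSPACE $1 TO app_rw;
GRANT MODIFY ON KEYSPACE $1 TO app_rw;
LIST ROLES;
LIST ALL PERMISSIONS OF app_rw;
EOF
}

# Demonstration on a constructed cassandra.yaml fragment, not a live cluster.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/cassandra.yaml" <<'EOF'
cluster_name: 'Test Cluster'
authenticator: AllowAllAuthenticator
authorizer: AllowAllAuthorizer
role_manager: CassandraRoleManager
EOF
    audit_auth "$tmp/cassandra.yaml" || echo "-- weak settings found, hardening"
    harden_auth "$tmp/cassandra.yaml"
    audit_auth "$tmp/cassandra.yaml" && echo "-- cassandra.yaml hardened"
    bootstrap_roles_cql app_ks datacenter1 'Rotate-Me-Now' > "$tmp/bootstrap.cql"
    echo "-- after restarting the node: cqlsh -u cassandra -p cassandra -f $tmp/bootstrap.cql"
}

demo
```

Two caveats when you run the generated CQL for real. After raising the replication factor of system_auth, run nodetool repair system_auth on each node so the existing role rows actually reach the new replicas. And note that Cassandra reads the default cassandra superuser at QUORUM while other roles are read at LOCAL_ONE, so once system_auth has three replicas the built-in superuser can only log in while a majority of them is up; create a second superuser for operations and avoid relying on the default one.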