The 'Authentication and Authorization Configuration' page says that the org.apache.cassandra.auth.SimpleAuthenticator and org.apache.cassandra.auth.SimpleAuthorityare not secure. Could someone explain why? Is general design of putting passwords in a file on the conf directory for implementations of the IAuthorization interface to access not secure? What changes would I have to make to them to make it secure?
In an effort to consolidate free help offered for our products we have decided to move these forums to a more widely used forum. Please use one of the following queries (or any combination):
- Cassandra: tag search or plain text search
- DataStax Enterprise: tag search or plain text search
- DataStax OpsCenter: tag search or plain text search
SimpleAuthenticator and SimpleAuthority(2 posts) (2 voices)
Those are demo's to play around, not recommended for production.
It is not good to store passwords in a file even if it is encrypted.
You can go for LDAP level authentications.