The 'Authentication and Authorization Configuration' page says that the org.apache.cassandra.auth.SimpleAuthenticator and org.apache.cassandra.auth.SimpleAuthorityare not secure. Could someone explain why? Is general design of putting passwords in a file on the conf directory for implementations of the IAuthorization interface to access not secure? What changes would I have to make to them to make it secure?
SimpleAuthenticator and SimpleAuthority(2 posts) (2 voices)
Those are demo's to play around, not recommended for production.
It is not good to store passwords in a file even if it is encrypted.
You can go for LDAP level authentications.