Encryption

2016-01-14 Thread oleg yusim
Greetings,

I'm looking at the data-at-transit encryption implementation from the
security point of view, and I'm mildly surprised by the following:

1) Passwords for the keystore and truststore are in clear text in
cassandra.yaml (Why? If we are going to the trouble of creating a keystore
and truststore, we want to protect our certificates and keys in case an
intruder breaks into the box. If so, why are we giving this intruder the
passwords?)

2) We are instructing the administrator to extract the content of the keystore
and leave all the keys and certs in clear. (Why? If we are giving it all away,
why do we even need the keystore? And if we do, why are we giving it away?)

Thanks,

Oleg


Concurrent connections

2016-01-14 Thread oleg yusim
Greetings,

I was looking for a way to limit the number of concurrent connections on a
per-user basis, but it looks like Cassandra doesn't support it.

So for lack of it, I switched to the per-IP basis, which Cassandra
supports. Now here comes the question:

What are the values for native_transport_max_concurrent
and native_transport_max_concurrent_per_ip that the development team
recommends not to exceed?

From what I read here: https://issues.apache.org/jira/browse/CASSANDRA-7231
it appears the limit might be 2^15 - 1. Would it be a correct assumption?

Thanks,

Oleg