We’re constantly striving to ensure that Instaclustr is the most secure, easy and reliable way to run Apache Cassandra. This post outlines some recent changes we have made to enforce tighter security for the Cassandra clusters we deploy for our customers.
A recent release of our provisioning system has further tightened security arrangements when clusters are first provisioned with Instaclustr. This post explains our thinking behind these changes and provides some more details on how things are working behind the scenes.
The standard behavior of Cassandra is to create a new super user with user name “cassandra” and password “cassandra” when it first starts up. Of course, we have always recommended that customers change this password, and even drop the user, when they first log in to their cluster.
Our aim is to make it as easy as possible for customers to be secure so we’ve changed our provisioning system so that even if you forget to change the default password, you’ll still be reasonably secure (we still recommend you change the password we’re now generating to be as secure as possible).
The approach we’re now taking for provisioned clusters is:
- We deny all access to the default Cassandra user (this is an extension to the customer authenticator we discussed here).
- We create a new user, iccassandra, on creation of the cluster. This user will be assigned a randomly generated password.
- This generated password will be stored in our management system and displayed in the Instaclustr console on the connection details page for your cluster.
- The connection details page has a button “I have recorded the password”. Once you click this, we will remove all details of the initially generated password from our system.
- If you don’t click the button within 5 days of creating your cluster, we will automatically remove the password from our system.
We recommend that as well as clicking the button to remove the generated password from our management system, you either change the password or create a new super user and drop our default user when you first log in. It is important that you always click the “I have recorded the password” button to remove the default password from our system because while we have a password in our database we ensure that an iccassandra user exists in the cluster (we will recreate the users if it is missing but we will not change the password). We retain administrative access to your cluster to ensure we can help you recover access even if you lose all your credentials.
We think these changes are another good step in making sure Instaclustr is the easiest way to securely run Cassandra in the cloud.
One of the drivers behind these changes was implementing our Heroku add-on provider which has just entered Alpha testing. If you’re a Heroku user and interested in testing the Instaclustr Heroku add-on then email us at firstname.lastname@example.org – we’d love to get your feedback.