[
https://issues.apache.org/jira/browse/CASSANDRA-547?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12797195#action_12797195
]
Eric Evans commented on CASSANDRA-547:
--------------------------------------
With respect to: CASSANDRA-547-auth.patch

Why AuthenticationRequest? Why not pass a map directly to login()?

Also, these AuthenticationExceptions in SimpleAuthenticationBackend for things
like invalid passwd.mode property, or for being unable to open the
passwd.properties file are at best being delivered to the wrong entity (they
are server side issues and the details are going to the client); at worst they
are leaking potentially sensitive information.

Ideally these would be something other than AuthenticationExceptions, something
that more explicitly indicated a server-side issue, TApplicationException
maybe? Either way though, the specifics should probably be logged for the admin,
and a more opaque message delivered to the client.

I also have a couple of style nits:

* We're trying to get away from the trailing-underscore-on-private-members
convention, so if you could avoid introducing any more, that would be great.
* I think appending the substring "Backend" to all of these classes is a
little redundant, how about IAuthenticator, SimpleAuthenticator, etc?

Thanks again Ted.

> authentication and authorization functions (stage 1)
> ----------------------------------------------------
>
> Key: CASSANDRA-547
> URL: https://issues.apache.org/jira/browse/CASSANDRA-547
> Project: Cassandra
> Issue Type: New Feature
> Components: Core
> Reporter: Ted Zlatanov
> Assignee: Ted Zlatanov
> Attachments: CASSANDRA-547-auth.patch
>
>
> Add functions to login() and setKeyspace(). Check against
> authentication+authorization backends whether those calls should succeed or
> fail.
> Create file-based and LDAP backends to implement authentication and
> authorization.
> Create AllowAll backend to allow all access.
> Add configuration stanza to specify the auth backend.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
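
An added example, not part of the original message or of CASSANDRA-547-auth.patch: one way to apply the review point about server-side failures, logging the specifics for the admin and handing the client an opaque message. The class names, the reference-id scheme and the plaintext `user=password` layout of the properties file are assumptions made for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.logging.*;

// Hypothetical names throughout; this is not Cassandra's API.
public class OpaqueAuthErrors {
    private static final Logger log = Logger.getLogger("auth");

    /** Client-visible: credentials were rejected, with no reason given. */
    static class AuthenticationException extends Exception {
        AuthenticationException(String msg) { super(msg); }
    }
    /** Client-visible stand-in for a generic server-side failure. */
    static class ServerSideException extends Exception {
        ServerSideException(String msg) { super(msg); }
    }

    static void login(Map<String, String> credentials, String passwdFile)
            throws AuthenticationException, ServerSideException {
        Properties passwd = new Properties();
        try (InputStream in = new FileInputStream(passwdFile)) {
            passwd.load(in);
        } catch (IOException e) {
            // File path and cause stay in the server log; the client only
            // receives a reference id the admin can search for.
            String ref = UUID.randomUUID().toString();
            log.log(Level.SEVERE, "auth backend failure ref=" + ref
                    + " file=" + passwdFile, e);
            throw new ServerSideException("Internal server error (ref " + ref + ")");
        }
        String user = credentials.get("username");
        String supplied = credentials.get("password");
        String expected = (user == null) ? null : passwd.getProperty(user);
        // One message for unknown user, missing field and wrong password.
        if (expected == null || supplied == null || !MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8)))
            throw new AuthenticationException("Authentication failed");
    }

    public static void main(String[] args) throws Exception {
        try { // constructed input: a file that does not exist
            login(Map.of("username", "ted", "password", "x"), "passwd.properties.missing");
        } catch (ServerSideException e) {
            System.out.println("client sees: " + e.getMessage());
        }
    }
}
```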