[
https://issues.apache.org/jira/browse/CASSANDRA-11097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15235911#comment-15235911
]
Jason Brown commented on CASSANDRA-11097:
-----------------------------------------
[~jjirsa] Thanks for looking up what Oracle does. On the whole I think it
certainly makes sense to log out the admin/cqlsh sessions if the idle threshold
is exceeded. FTR, I'm totally fine with disconnecting *any* idle connection,
secure or otherwise, and we could probably fashion a solution here that takes
secure/non-secure into account. I'll read CASSANDRA-8303 and it's related
tickets later today. but your suggestion about {{IdleStateHandler}} seems
pretty reasonable.
> Idle session timeout for secure environments
> --------------------------------------------
>
> Key: CASSANDRA-11097
> URL: https://issues.apache.org/jira/browse/CASSANDRA-11097
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Jeff Jirsa
> Priority: Minor
> Labels: lhf, ponies
>
> A thread on the user list pointed out that some use cases may prefer to have
> a database disconnect sessions after some idle timeout. An example would be
> an administrator who connected via ssh+cqlsh and then walked away.
> Disconnecting that user and forcing it to re-authenticate could protect
> against unauthorized access.
> It seems like it may be possible to do this using a netty
> {{IdleStateHandler}} in a way that's low risk and perhaps off by default.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
