[
https://issues.apache.org/jira/browse/CASSANDRA-11097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16878821#comment-16878821
]
Andy Tolbert commented on CASSANDRA-11097:
------------------------------------------
Thanks for the background [~ifesdjeen], that makes sense to me (y). I can see
how being able to clean up defunct connections that aren't doing anything would
be nice, especially since TCP keepalive defaults are usually large (2 hours).

With regard to this case from the description:
{quote}
An example would be an administrator who connected via ssh+cqlsh and then
walked away. Disconnecting that user and forcing it to re-authenticate could
protect against unauthorized access.
{quote}

If the underlying python-driver was using the default heartbeat configuration,
wouldn't the connections stay alive then even with this new configuration? Even
if it did close the connections, the driver would likely successfully reconnect
since it looks like the configured auth provider for cqlsh will retain
credentials between reconnections.

That being said, I still like the change as it enables the capability of timing
out idle connections, but may require some configuration on the client side to
achieve the "walk away from my cqlsh session" case.

> Idle session timeout for secure environments
> --------------------------------------------
>
> Key: CASSANDRA-11097
> URL: https://issues.apache.org/jira/browse/CASSANDRA-11097
> Project: Cassandra
> Issue Type: Improvement
> Components: Legacy/CQL
> Reporter: Jeff Jirsa
> Assignee: Alex Petrov
> Priority: Low
> Labels: lhf, ponies
> Fix For: 4.0
>
>
> A thread on the user list pointed out that some use cases may prefer to have
> a database disconnect sessions after some idle timeout. An example would be
> an administrator who connected via ssh+cqlsh and then walked away.
> Disconnecting that user and forcing it to re-authenticate could protect
> against unauthorized access.
> It seems like it may be possible to do this using a netty
> {{IdleStateHandler}} in a way that's low risk and perhaps off by default.
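
The interaction raised in the comment above, as an added Python model that is not part of the original message and is not Cassandra or python-driver code: it steps through an unattended session to show when a server-side idle timeout actually ends it. Assumptions: the server's idle timer resets on any inbound frame (heartbeats included), a reconnect takes one tick, and `ClientConfig`, `simulate` and all timing values are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class ClientConfig:
    heartbeat_interval: int    # seconds between idle heartbeats; 0 disables them
    retains_credentials: bool  # auth provider reuses stored credentials on reconnect


def simulate(cfg, idle_timeout, away_seconds):
    """Model a user whose last query was at t=0 and who then walks away.

    Returns (usable, events). `usable` is True when someone at the unattended
    terminal could still run queries without typing credentials.
    Assumption: any inbound frame, heartbeat included, resets the idle timer.
    """
    events = []
    connected = True
    last_frame = 0
    for t in range(1, away_seconds + 1):
        if not connected:
            if not cfg.retains_credentials:
                break  # session is over until the user re-authenticates
            # The driver reconnects by itself using the stored credentials.
            connected, last_frame = True, t
            events.append((t, "driver reconnected with stored credentials"))
            continue
        if cfg.heartbeat_interval and t % cfg.heartbeat_interval == 0:
            last_frame = t  # heartbeat traffic keeps the connection "busy"
        if t - last_frame >= idle_timeout:
            connected = False
            events.append((t, "server closed idle connection"))
    usable = connected or cfg.retains_credentials
    return usable, events


if __name__ == "__main__":
    # Constructed scenarios: 60 s server idle timeout, user away for 300 s.
    scenarios = {
        "heartbeats on, credentials kept": ClientConfig(30, True),
        "heartbeats off, credentials kept": ClientConfig(0, True),
        "heartbeats on, credentials dropped": ClientConfig(30, False),
        "heartbeats off, credentials dropped": ClientConfig(0, False),
    }
    for name, cfg in scenarios.items():
        usable, events = simulate(cfg, idle_timeout=60, away_seconds=300)
        print(f"{name}: usable={usable}, closes="
              f"{sum(1 for _, e in events if e.startswith('server'))}")
```

Under these assumptions, only the combination of no heartbeats and no retained credentials leaves the unattended session unusable, which is the client-side configuration the comment refers to.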