[jira] [Commented] (CASSANDRA-11097) Idle session timeout for secure environments

[Alex Petrov (JIRA)]

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-11097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16881019#comment-16881019
 ] 

Alex Petrov commented on CASSANDRA-11097:
-----------------------------------------

[~andrew.tolbert] you're right that it will require configuration on the client 
side. And perhaps the definition I had while implementing this feature is 
slightly different from what [~jjirsa] has initially envisioned for this. I do 
agree that walking away from cql session would require us to actually ignore 
heartbeats for idleness. In other words, heartbeats can still be used for 
failure detection, but not for idleness detection. But I feel like this might 
be unnecessary. If anyone thinks this is important, I'll be happy to continue 
the conversation. Right now, idle heartbeat timeout in Python driver is 30 
seconds. 

In any case, I would say that using this as a security mechanism might not be 
the best idea. As a precaution - possibly, but not as a primary security 
measure. Additionally, timed out cqlsh sessions require restart of CCM, since 
it seems like there was no reconnection built into cqlsh. I know Java driver 
would reconnect on failure, and I have expected python driver to do the same 
and I'm not sure why this might be not the case.

[~iamaleksey] these are good nits, thank you for the review. 

> Idle session timeout for secure environments
> --------------------------------------------
>
>                 Key: CASSANDRA-11097
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11097
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Legacy/CQL
>            Reporter: Jeff Jirsa
>            Assignee: Alex Petrov
>            Priority: Low
>              Labels: lhf, ponies
>             Fix For: 4.0
>
>
> A thread on the user list pointed out that some use cases may prefer to have 
> a database disconnect sessions after some idle timeout. An example would be 
> an administrator who connected via ssh+cqlsh and then walked away. 
> Disconnecting that user and forcing it to re-authenticate could protect 
> against unauthorized access.
> It seems like it may be possible to do this using a netty 
> {{IdleStateHandler}} in a way that's low risk and perhaps off by default.  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org