[ 
https://issues.apache.org/jira/browse/CASSANDRA-17457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583413#comment-17583413
 ] 

Stefan Miklosovic commented on CASSANDRA-17457:
-----------------------------------------------

Glad to hear you are going to own this! Let me know how the creation of the CEP 
goes and if you need any additional assistance with it. The way I see it is 
that you eventually do your part and somewhere along the way Berenguer jumps in 
when the time is right for him. Please tell me if my assumptions are sane here. 
In the meanwhile, our deal with Jackson is that I should kind of shepherd what 
he does.

> User password strength
> ----------------------
>
>                 Key: CASSANDRA-17457
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17457
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Feature/Authorization
>            Reporter: Berenguer Blasi
>            Assignee: Jackson Fleming
>            Priority: Normal
>              Labels: low-hanging-fruit
>             Fix For: 4.x
>
>
> Currently we can create a user with a very insecure password such as 'A'.
> _CREATE ROLE coach WITH PASSWORD = 'A' AND LOGIN = true;_
>  
> As we can see there are no restrictions on length, characters, etc. We should 
> discuss and adopt some best practices in this area. A warning would be the 
> preference instead of erroring out. Historically this has been left to be 
> dealt with by LDAP or other auth systems, so we can't error out.
> Newcomers:
> - We should add warnings when a weak password is provided on DCL CQL. The 
> {{validate}} method looks like a good place at face value. Feel free to 
> analyze and suggest otherwise. See {{ClientWarn}} usages for examples.
> - We should add junit methods for the newly created warnings



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
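As an added illustration of the "warn, don't error" approach described in the ticket (this is not code from the Cassandra project or from anyone in this thread): a self-contained Java check that evaluates a candidate password against an assumed policy and returns a list of warnings instead of throwing. The class and method names, the length threshold, the small denylist and the sample passwords are all assumptions made for the example; the hook into Cassandra's role-statement validation via {{ClientWarn}} is only described in a comment, not called.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added example: a weak-password check that reports findings as warnings
// rather than rejecting the statement. Thresholds, names and the denylist
// are assumptions for illustration, not Cassandra's own code.
public final class PasswordStrengthWarnings
{
    static final int MIN_LENGTH = 12;                       // assumed threshold
    static final Set<String> COMMON_PASSWORDS = Set.of(     // assumed, tiny denylist
            "password", "cassandra", "admin", "123456", "qwerty", "letmein");

    private PasswordStrengthWarnings() {}

    /**
     * Evaluates a candidate password and returns zero or more warning strings.
     * An empty list means no weakness was detected. The method never throws, so
     * a caller in a DCL validation path could forward each string to the client
     * as a warning (in Cassandra that would be ClientWarn.instance.warn(String),
     * which this stand-alone example deliberately does not call) and still let
     * the CREATE ROLE / ALTER ROLE statement proceed.
     */
    public static List<String> evaluate(String password)
    {
        List<String> warnings = new ArrayList<>();
        if (password == null || password.isEmpty())
        {
            warnings.add("Password is empty");
            return warnings;
        }

        if (password.length() < MIN_LENGTH)
            warnings.add("Password is shorter than " + MIN_LENGTH + " characters");

        // Count the distinct character classes present: lower, upper, digit, other.
        boolean lower = false, upper = false, digit = false, other = false;
        for (int i = 0; i < password.length(); i++)
        {
            char c = password.charAt(i);
            if (Character.isLowerCase(c)) lower = true;
            else if (Character.isUpperCase(c)) upper = true;
            else if (Character.isDigit(c)) digit = true;
            else other = true;
        }
        int classes = (lower ? 1 : 0) + (upper ? 1 : 0) + (digit ? 1 : 0) + (other ? 1 : 0);
        if (classes < 3)
            warnings.add("Password uses only " + classes + " of 4 character classes (lower, upper, digit, other)");

        if (COMMON_PASSWORDS.contains(password.toLowerCase(Locale.ROOT)))
            warnings.add("Password is on the common-password denylist");

        return warnings;
    }

    public static void main(String[] args)
    {
        // Constructed sample inputs; the first mirrors the 'A' case from the ticket.
        String[] samples = { "A", "Password1", "k7$Qv2!mZp9#wLr4" };
        for (String pw : samples)
        {
            List<String> warnings = evaluate(pw);
            System.out.println("'" + pw + "' -> " + (warnings.isEmpty() ? "no warnings" : warnings));
        }
    }
}
```

Returning a list rather than a boolean keeps the policy decision (warn vs. reject) out of the checker, which is what allows a deployment that delegates authentication to LDAP or another external system to surface the findings without ever failing the statement. With the assumed policy, 'A' produces two warnings (too short, one character class), "Password1" produces one (too short), and the third sample produces none.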
