[https://issues.apache.org/jira/browse/CASSANDRA-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13502234#comment-13502234]
Brandon Williams commented on CASSANDRA-3017:
---------------------------------------------
bq. I think this also would cause some dropped messages when FD announces that
a node is back up and the cluster tries to replicate stuff to it, but it
doesn't know yet that the source is a cluster member.
This shouldn't happen very often since we persist tokens and announce the range
for bootstrap for an adequate amount of time.
If we're dealing with a truly malicious adversary however, it can easily
advertise a generation higher than any existing token, take it over, and then
OOM us with a large message. It seems like the only way to prevent this is
authentication by way of internode encryption.
> add a Message size limit
> ------------------------
>
> Key: CASSANDRA-3017
> URL: https://issues.apache.org/jira/browse/CASSANDRA-3017
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Reporter: Jonathan Ellis
> Assignee: Kirk True
> Priority: Minor
> Labels: lhf
> Attachments:
> 0001-use-the-thrift-max-message-size-for-inter-node-messa.patch,
> trunk-3017.txt
>
>
> We protect the server from allocating huge buffers for malformed message with
> the Thrift frame size (CASSANDRA-475). But we don't have similar protection
> for the inter-node Message objects.
> Adding this would be good to deal with malicious adversaries as well as a
> malfunctioning cluster participant.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
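The issue above asks for the inter-node equivalent of the Thrift frame-size cap: reject a message by its declared length before any buffer is sized from it. The following is an added illustration, not Cassandra's own code or wire format; it assumes a simple 4-byte big-endian length prefix, an assumed cap `MAX_MESSAGE_SIZE`, and constructed sample traffic that includes a header claiming about 4 GiB with no payload behind it, the "large message" case the comment describes.

```python
"""Length-prefixed frame reader that caps the declared size before allocating.

Added example. The wire format (4-byte big-endian length, then payload) and
the limit are assumptions for illustration, not Cassandra's actual encoding
or configuration.
"""
import io
import struct

# Assumed limit for this example only.
MAX_MESSAGE_SIZE = 16 * 1024 * 1024  # 16 MiB

HEADER = struct.Struct("!I")  # 4-byte unsigned big-endian length


class MessageTooLarge(ValueError):
    """A frame declared a length above the configured cap."""

    def __init__(self, declared: int, limit: int) -> None:
        super().__init__(f"declared length {declared} exceeds limit {limit}")
        self.declared = declared
        self.limit = limit


def declare_length(n: int) -> bytes:
    """Build a bare header declaring n payload bytes (used for constructed input)."""
    return HEADER.pack(n)


def encode_frame(payload: bytes) -> bytes:
    """Prefix a payload with its length."""
    return declare_length(len(payload)) + payload


def read_frame(stream: io.BufferedIOBase, max_size: int = MAX_MESSAGE_SIZE) -> bytes:
    """Read one frame; raise before allocating if the declared size is too big."""
    header = stream.read(HEADER.size)
    if len(header) < HEADER.size:
        raise EOFError("truncated frame header")
    (declared,) = HEADER.unpack(header)
    # The check happens on the declared value alone: nothing has been sized
    # from untrusted input yet, so a hostile or malformed header costs 4 bytes.
    if declared > max_size:
        raise MessageTooLarge(declared, max_size)
    buf = bytearray(declared)  # allocation is now bounded by max_size
    got = stream.readinto(buf)
    if got != declared:
        raise EOFError(f"truncated payload: expected {declared} bytes, got {got}")
    return bytes(buf)


def drain_connection(data: bytes, max_size: int = MAX_MESSAGE_SIZE) -> list:
    """Process every frame on one connection's byte stream.

    Returns entries of the form ("ok", payload_len), ("rejected", declared_len)
    or ("truncated",). After a rejection the connection is abandoned: the
    stream cannot be re-synchronised, so closing it is the only safe response.
    """
    stream = io.BytesIO(data)
    results = []
    while stream.tell() < len(data):
        try:
            payload = read_frame(stream, max_size)
        except MessageTooLarge as exc:
            results.append(("rejected", exc.declared))
            break
        except EOFError:
            results.append(("truncated",))
            break
        results.append(("ok", len(payload)))
    return results


# Constructed traffic: two well-formed frames, then a header that claims
# 0xFFFFFFFF bytes (about 4 GiB) with nothing real behind it.
SAMPLE_STREAM = (
    encode_frame(b"gossip-digest-syn")
    + encode_frame(b"\x00" * 1024)
    + declare_length(0xFFFFFFFF)
    + b"never sent"
)

if __name__ == "__main__":
    for entry in drain_connection(SAMPLE_STREAM):
        print(entry)
```

The limit should be checked per frame rather than per connection: a peer that behaved for a thousand messages can still send an oversized header on the next one, which is why the check sits inside `read_frame` and not at connection setup. Lowering `max_size` to 512 in `drain_connection(SAMPLE_STREAM, max_size=512)` rejects the 1 KiB frame instead, showing the cap is a configuration decision rather than a fixed property of the reader.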