[
https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138577#comment-14138577
]
Benedict edited comment on CASSANDRA-7968 at 9/18/14 6:38 AM:
--------------------------------------------------------------
-Isn't this a security flaw?- edit: I see we support authentication over JMX,
but it still leaves me a little uncomfortable; if we're not accepting commands
like this only over authenticated, SSL'd JMX connections, it leaves this open
to exploit. Probably not a big deal, but still a slight potential security risk.
was (Author: benedict):
Isn't this a security flaw?
> permissions_validity_in_ms should be settable via JMX
> -----------------------------------------------------
>
> Key: CASSANDRA-7968
> URL: https://issues.apache.org/jira/browse/CASSANDRA-7968
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Reporter: Brandon Williams
> Assignee: Brandon Williams
> Priority: Minor
> Fix For: 2.0.11, 2.1.1
>
> Attachments: 7968.txt
>
>
> Oftentimes people don't think about auth problems and just run with the
> default of RF=2 and 2000ms until it's too late, and at that point doing a
> rolling restart to change the permissions cache can be a bit painful vs
> setting it via JMX everywhere and then updating the yaml for future restarts.
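The concern raised in the comment, that a JMX-settable permissions cache is only as safe as the JMX endpoint itself, can be checked per node. The following is an added example, not part of the JIRA thread or of Cassandra's code: it audits shell-style JVM option lines for the standard `com.sun.management.jmxremote.*` properties. The function names and both sample inputs are constructed for illustration.

```python
import re

# Standard JVM remote-JMX system properties and their JVM defaults
# (authenticate and ssl both default to true once a remote port is set).
DEFAULTS = {"port": None, "authenticate": "true", "ssl": "true"}
FLAG = re.compile(
    r"-Dcom\.sun\.management\.jmxremote\.(port|authenticate|ssl)=([^\s\"']+)")

def effective_jmx_settings(env_text):
    """Return the effective JMX settings from shell-style JVM option lines."""
    settings = dict(DEFAULTS)
    for line in env_text.splitlines():
        line = line.split("#", 1)[0]          # ignore commented-out options
        for key, value in FLAG.findall(line):
            settings[key] = value.lower()     # the last occurrence wins
    return settings

def audit_jmx(env_text):
    """List reasons why remote JMX writes (e.g. cache validity) are exposed."""
    s = effective_jmx_settings(env_text)
    if s["port"] is None:
        return []                             # no remote JMX listener configured
    findings = []
    if s["authenticate"] != "true":
        findings.append("remote JMX accepts unauthenticated callers")
    if s["ssl"] != "true":
        findings.append("remote JMX traffic, including credentials, is not encrypted")
    return findings

# Constructed sample inputs, not taken from any real deployment.
WEAK = '''
JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.port=7199"
JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=false"
JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=false"
'''
HARDENED = '''
JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.port=7199"
JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=true"
#JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=false"
JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true"
'''

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_jmx(text) or "ok")
```

An empty result means the options shown do not disable authentication or SSL; it does not verify that a password file, access file or keystore is actually configured.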