cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aleksey Yeschenko (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
Date Thu, 18 Sep 2014 06:38:33 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138585#comment-14138585
] 

Aleksey Yeschenko commented on CASSANDRA-7968:
----------------------------------------------

bq. Isn't this a security flaw?

You mean someone increasing the validity period? I'd say it's no big deal. Or, rather, that
if someone who shouldn't have JMX access to your nodes has it, you are in much deeper trouble.

> permissions_validity_in_ms should be settable via JMX
> -----------------------------------------------------
>
>                 Key: CASSANDRA-7968
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7968
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Brandon Williams
>            Assignee: Brandon Williams
>            Priority: Minor
>             Fix For: 2.0.11, 2.1.1
>
>         Attachments: 7968.txt
>
>
> Oftentimes people don't think about auth problems and just run with the default of RF=2
and 2000ms until it's too late, and at that point doing a rolling restart to change the permissions
cache can be a bit painful vs setting it via JMX everywhere and then updating the yaml for
future restarts.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message