cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sylvain Lebresne (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-8085) Make PasswordAuthenticator number of hashing rounds configurable
Date Thu, 26 Mar 2015 17:10:53 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-8085?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14382242#comment-14382242
] 

Sylvain Lebresne commented on CASSANDRA-8085:
---------------------------------------------

Almost surely due to a release bump on my part too. This is why we should only set a single
"fix version" before commit (and the committer can feel free to update that to whatever he
committed to once he resolve the ticket), as otherwise there is no simple way to bump versions
simply and that is what happen. TL;DR, the removal of 2.0 of the "fix version" was an accident.

> Make PasswordAuthenticator number of hashing rounds configurable
> ----------------------------------------------------------------
>
>                 Key: CASSANDRA-8085
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8085
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Tyler Hobbs
>            Assignee: Sam Tunnicliffe
>             Fix For: 3.0, 2.1.4
>
>         Attachments: 8085-2.1.txt, 8085-3.0.txt
>
>
> Running 2^10 rounds of bcrypt can take a while.  In environments (like PHP) where connections
are not typically long-lived, authenticating can add substantial overhead.  On IRC, one user
saw the time to connect, authenticate, and execute a query jump from 5ms to 150ms with authentication
enabled ([debug logs|http://pastebin.com/bSUufbr0]).
> CASSANDRA-7715 is a more complete fix for this, but in the meantime (and even after 7715),
this is a good option.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message