From: oleg yusim <olegyusim@gmail.com>
To: user@cassandra.apache.org
Date: Fri, 29 Jan 2016 11:16:38 -0600
Subject: Re: Session timeout

Jon,

I suspected something like that.
I did a bit of learning on Cassandra before starting my assessment, and I understand that you are right, and it is generally not used like that.

However (taking off my developer hat and putting on my security architect hat), from the security point of view the way Cassandra is used now is not very secure. For instance, the way AAA (authentication, authorization, audit) is done doesn't allow for centralized account and access control management, which in reality translates into shared accounts and no hierarchy. That in turn translates into a situation where one person compromising credentials means complete disaster - administrative access to the DB was just given up, with all the consequences. To top it all, logging is currently implemented in a horrible manner too. It doesn't even allow logging the username - a basic requirement for any product, which would allow a DBA or ISSO to figure out who did what on the DB and recover in case of an attack or crash. In general, logs the way they are today are targeted toward the developer making changes in the DB, not toward the DBA using it, and don't make much sense in my opinion.

Now if you are interested in that subject, this document: http://iasecontent.disa.mil/stigs/zip/Jan2016/U_Database_V2R3_SRG.zip covers security concerns which should be taken into account when we are designing a database. It also explains why each of them is important and what exactly would happen if it were neglected.

Jon, I would also appreciate a suggestion. What I do right now is called "writing a STIG". That is when somebody takes concepts from an SRG (the document I gave you the link to above) and figures out how those apply to that particular product: what is met (and what configuration on the product leads to it, exactly), what is not met but can be with little enhancement (and again - what those would be exactly), and what is not met and can't be met with the current design.

All that is combined into one document, called a STIG, and published by the government (DISA) on the http://iase.disa.mil/stigs/Pages/a-z.aspx page. Those STIGs mean a great deal from the security point of view because they:

- Allow saving a lot of time on re-assessment of the product every single time
- Allow knowing what the product's limitations are from the security point of view beforehand (and as such, placing it right on the system, implementing all the right compensating controls around it)
- Allow automating both configuration checks from the security point of view and hardening of the product
- Give the product a pass into the DoD framework, because if a product has a STIG and was configured in accordance with it, it is secure by DoD definition

So overall, it is to the great benefit of the product to have a STIG written for it, since it advances it on the security market quite a bit and in the end improves the product's security posture quite a bit as well.

My initial idea was that I would bring on board my knowledge of security concepts, and when I lacked understanding of the intricate details of the DB, I would turn to the Cassandra community for support.

So far it doesn't work quite well, and from what you are saying, it wouldn't, because of lack of knowledge and lack of motivation to get it. What would be your suggestion? Who is capable of answering my questions? Is there another community I should turn to?

Would really appreciate your input on that,

Thanks,

Oleg

On Fri, Jan 29, 2016 at 10:24 AM, Jonathan Haddad <jon@jonhaddad.com> wrote:

> I think the reason why most of your queries aren't being answered is
> because you're asking questions that most people don't have the answer to.
> On the automatic disconnect, anyone using Cassandra in prod doesn't really
> need to think about it because we're always running queries, perhaps
> millions a second. Queries are multiplexed over a single connection.
> Almost nobody ever actually runs into a case of leaving a socket open for
> hours without a query, so to find out if it actually happens, someone would
> have to look it up in the source.
>
> Your questions about auditing are geared more towards if you're using a
> database that's built for multi-user access. Cassandra was built to solve
> a very different problem. In most cases, you don't have hundreds of people
> connecting from a shell, leaving connections open, casually querying for BI
> reports. This isn't how *most* people use Cassandra; it wasn't really
> built for that. There's better support for users & roles nowadays, but it's
> relatively new and that's about all you have right now.
>
> I realize you're new to the community, and it can be frustrating to not
> get answers to questions that seem completely basic and obvious, but you're
> asking about areas that *most* people on this list don't have knowledge
> about and zero motivation to learn, because it's not necessary to solve the
> problems we face.
>
> On Fri, Jan 29, 2016 at 6:19 AM oleg yusim <olegyusim@gmail.com> wrote:
>
>> Not a problem, Carlos, at least you tried :) I have overall a big problem
>> with my queries to the Cassandra community. Most of them are not getting
>> answered.
>>
>> Oleg
>>
>> On Fri, Jan 29, 2016 at 8:03 AM, Carlos Alonso <info@mrcalonso.com> wrote:
>>
>>> Oh, I thought you meant read/write timeout, not session timeout due to
>>> inactivity...
>>>
>>> Not sure there's such an option. Sorry
>>>
>>> Carlos Alonso | Software Engineer | @calonso
>>>
>>> On 29 January 2016 at 13:35, oleg yusim <olegyusim@gmail.com> wrote:
>>>
>>>> Carlos,
>>>>
>>>> I went through the Java and Python drivers... didn't find anything like
>>>> that. Can you bring me an example from your Ruby driver? Let me also make
>>>> sure we are on the same page - I'm talking about session timeout due to
>>>> inactivity, not read timeout or something like that.
>>>>
>>>> Thanks,
>>>>
>>>> Oleg
>>>>
>>>> On Fri, Jan 29, 2016 at 7:23 AM, Carlos Alonso <info@mrcalonso.com> wrote:
>>>>
>>>>> I personally don't use the Java but the Ruby driver, but I'm pretty
>>>>> sure you'll be able to find it in the docs:
>>>>> https://github.com/datastax/java-driver
>>>>>
>>>>> Carlos Alonso | Software Engineer | @calonso
>>>>>
>>>>> On 29 January 2016 at 13:15, oleg yusim <olegyusim@gmail.com> wrote:
>>>>>
>>>>>> Hi Carlos,
>>>>>>
>>>>>> Thanks for your answer. Can you please give me a bit more information?
>>>>>> What is the driver? JDBC? What is the name of the configuration file?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Oleg
>>>>>>
>>>>>> On Fri, Jan 29, 2016 at 5:12 AM, Carlos Alonso <info@mrcalonso.com> wrote:
>>>>>>
>>>>>>> Hi Oleg.
>>>>>>>
>>>>>>> The drivers have the configurable timeout functionality built in.
>>>>>>>
>>>>>>> Hope it helps.
>>>>>>>
>>>>>>> Carlos Alonso | Software Engineer | @calonso
>>>>>>>
>>>>>>> On 28 January 2016 at 22:18, oleg yusim <olegyusim@gmail.com> wrote:
>>>>>>>
>>>>>>>> Greetings,
>>>>>>>>
>>>>>>>> Does Cassandra support session timeout? If so, where can I find
>>>>>>>> this configuration switch? If not, what kind of hook can I use to write
>>>>>>>> my own code, terminating the session after so many seconds of inactivity?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> Oleg
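Two things in the thread are left open: Oleg's original question (if there is no server-side inactivity switch, what hook can he use to terminate a session himself after N seconds idle) and his later complaint that the logs do not record which user ran what. The block below is an added example, not code from Cassandra, the DataStax drivers or any participant in the thread. It is a client-side wrapper: each statement refreshes an idle timer, a reaper (on the calling path and optionally on a daemon timer) closes the underlying session once the idle limit is reached, and every call is written to an audit trail carrying the authenticated user name. It assumes the wrapped object exposes execute(), shutdown() and is_shutdown in the shape of the DataStax Python driver's Session; the FakeSession, the hand-driven clock, the user "alice" and the statements are all constructed for the example.

```python
# Added example, not Cassandra or DataStax driver code: a client-side wrapper that
# closes a driver session after a period of inactivity and writes an audit record
# (time, user, statement, outcome) for every call. Assumed: the wrapped object has
# execute(), shutdown() and is_shutdown like the DataStax Python driver's Session;
# FakeSession is a constructed stand-in; users, statements and timeouts are made up.
import threading
import time


class SessionExpired(RuntimeError):
    """Raised when a statement is attempted on a session closed for inactivity."""


class FakeSession:
    """Constructed stand-in for a driver session (no network)."""

    def __init__(self):
        self.is_shutdown = False

    def execute(self, statement, parameters=None):
        if self.is_shutdown:
            raise RuntimeError("session is closed")
        return []

    def shutdown(self):
        self.is_shutdown = True


class IdleTimeoutSession:
    """Every statement refreshes the idle timer; reap() closes the session once
    idle_seconds pass without one; every call is audited with the user name."""

    def __init__(self, inner, user, idle_seconds, clock=time.monotonic):
        self.inner, self.user, self.idle_seconds, self.clock = inner, user, idle_seconds, clock
        self.audit_log = []            # list of (ts, user, statement, outcome)
        self._lock = threading.Lock()  # reap() may run on a timer thread
        self._last_activity = clock()

    def _audit(self, statement, outcome):
        self.audit_log.append((self.clock(), self.user, statement, outcome))

    def idle_for(self):
        return self.clock() - self._last_activity

    def reap(self):
        """Close the inner session if idle too long; True if it is (now) closed."""
        with self._lock:
            if not self.inner.is_shutdown and self.idle_for() >= self.idle_seconds:
                self.inner.shutdown()
                self._audit("<idle-timeout>", "closed")
            return self.inner.is_shutdown

    def start_reaper(self, interval):
        """Daemon timer calling reap() periodically, so an idle session is closed
        even if the application never issues another statement."""
        def tick():
            if not self.reap():
                self.start_reaper(interval)
        timer = threading.Timer(interval, tick)
        timer.daemon = True
        timer.start()
        return timer

    def execute(self, statement, parameters=None):
        # Check expiry on the calling path too, so a session that went idle while
        # no reaper was running is refused rather than silently reused.
        self.reap()
        with self._lock:
            if self.inner.is_shutdown:
                self._audit(statement, "refused")
                raise SessionExpired(f"{self.user}: closed after {self.idle_seconds}s idle")
            try:
                result = self.inner.execute(statement, parameters)
            except Exception:
                self._audit(statement, "error")
                raise
            self._last_activity = self.clock()
            self._audit(statement, "ok")
            return result


def demo():
    """Walk one session through use, a pause inside the window, expiry and a
    refused statement; returns the (user, statement, outcome) audit trail."""
    now = [1000.0]                      # constructed clock advanced by hand
    session = IdleTimeoutSession(FakeSession(), "alice", 300, clock=lambda: now[0])
    session.execute("SELECT * FROM ks.users WHERE id = ?", [1])
    now[0] += 100
    session.execute("SELECT now() FROM system.local")   # 100 s idle: still inside window
    now[0] += 301                                         # 301 s idle: past the 300 s limit
    try:
        session.execute("SELECT * FROM ks.secrets")
    except SessionExpired:
        pass
    return [(user, stmt, outcome) for _ts, user, stmt, outcome in session.audit_log]
```

The wrapper does not change anything the server does; it only enforces a policy on the client's own connection and records who did what, which is the layer Oleg has access to as long as the server offers no switch. With the real driver you would pass the Session returned by Cluster.connect() as `inner`, call start_reaper() once per session, and ship audit_log to whatever sink the ISSO reads.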