Date: Wed, 13 Jan 2016 18:40:26 -0800
Subject: Re: max connection per user
From: Bryan Cheng
To: user@cassandra.apache.org

Are you actively exposing your database to users outside of your organization, or are you just asking about security best practices?

If you mean the former, this isn't really a common use case and there isn't a huge amount out of the box that Cassandra will do to help.

If you're just asking about security best-practices, http://www.datastax.com/wp-content/uploads/2014/04/WP-DataStax-Enterprise-Best-Practices.pdf has a brief blurb, and there are many resources online for securing Cassandra specifically and databases in general - the approaches are going to be largely the same.

Can you describe what avenues you're expecting either intrusion or DOS?

On Wed, Jan 13, 2016 at 6:01 PM, oleg yusim wrote:

> OK Rob, I see what you're saying. Well, let's dive into the long questions
> and answers at this case a bit:
>
> 1) Is there any other approach Cassandra currently utilizes to mitigate
> DoS attacks?
> 2) How about max connection per DB? I know, Cassandra has this parameter
> on JDBC driver configuration, but what would be the suggested value not to exceed?
>
> Thanks,
>
> Oleg
>
> On Wed, Jan 13, 2016 at 6:31 PM, Robert Coli wrote:
>
>> On Wed, Jan 13, 2016 at 1:41 PM, oleg yusim wrote:
>>
>>> Quick question, here: does Cassandra have a configuration switch to
>>> limit number of connections per user (protection of DoS attack, security)?
>>
>> Quick answer : no.
>>
>> =Rob