cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From oleg yusim <olegyu...@gmail.com>
Subject Re: Session timeout
Date Mon, 01 Feb 2016 16:40:03 GMT
Jeff,

You mentioned that both Authentication and Authorization are pluggable. In
relation to that, is logging pluggable as well? I.e. if I'm not happy with
what logback has to provide and want to replace it with some alternative
logging module, can I do it?

Thanks,

Oleg

On Fri, Jan 29, 2016 at 11:42 AM, Jeff Jirsa <jeff.jirsa@crowdstrike.com>
wrote:

>
> > For instance, way AAA (authentication, authorization, audit) is done,
> doesn't allow for centralized account and access control management, which
> in reality translates into shared accounts and no hierarchy.
>
> Authentication and Authorization are both pluggable. Any organization can
> write their own, and tie it to any AAA system they currently have. If they
> were feeling generous, they could open source it for the community, and
> perhaps bring it upstream. There’s nothing fundamentally preventing your
> organization from writing an Authenticator (
> https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/auth/IAuthenticator.java
)
> or Authorizor (
> https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/auth/IAuthorizer.java
)
> if they were so inclined.
>
> Audit is something that’s being actively discussed (
> https://issues.apache.org/jira/browse/CASSANDRA-8844 ).
>
> It’s an open source project with a very small number of commercial
> vendors. In general, that means there are 3 options:
>
>    1. Wait for someone else to write it to fit their need, and hopefully
>    they open source it.
>    2. Write it yourself
>    3. Pay a vendor (such as Datastax), and let them know in advance it’s
>    a requirement to get it on their roadmap. This is really #2 with some
>    polish to make it easier to get through your legal/AP systems.
>
> > So far it doesn't work quite well, and from what you are saying, it
> wouldn't, because of lack of knowledge and lack of motivation to get it.
> What would be your suggestion? Who is capable of answering my questions? Is
> there another community, I should turn to?
>
> The cassandra-user and cassandra-dev mailing lists are the primary sources
> of knowledge outside of support contracts. For paid support, companies like
> Datastax and The Last Pickle tend to be well respected options. Both of
> those companies will probably answer some of your questions for free if you
> post on these mailing lists. They’ll likely answer even more if you pay
> them.
>
>
>
> From: oleg yusim
> Reply-To: "user@cassandra.apache.org"
> Date: Friday, January 29, 2016 at 9:16 AM
> To: "user@cassandra.apache.org"
> Subject: Re: Session timeout
>
> Jon,
>
> I suspected something like that. I did a bit of learning on Cassandra
> before starting my assessment, and I understand that you are right, and it
> is generally not used like that.
>
> However (taking off my developer hat and putting on my security architect
> hat), from the security point of view the way Cassandra is used now is not
> very secure. For instance, way AAA (authentication, authorization, audit)
> is done, doesn't allow for centralized account and access control
> management, which in reality translates into shared accounts and no
> hierarchy. That in turn translates into situation when one person
> compromising credentials means complete disaster - administrative access to
> DB was just given up, with all the consequences. To top it all logging
> currently implemented in horrible manner too. It doesn't even allow to log
> username - basic requirement for any product, which would allow DBA or ISSO
> to figure out who did what on DB and recover in case of attack or crash. In
> general, logs the way they are today are targeted toward developer, making
> changes in DB, not toward the DBA, using it, and doesn't make much sense in
> my opinion.
>
> Now if you are interested in that subject, that document:
> http://iasecontent.disa.mil/stigs/zip/Jan2016/U_Database_V2R3_SRG.zip
> covers security concerns which should be taken in the account, when we are
> designing database. It also explains why each of them is important and what
> exactly would happen if it would be neglected.
>
> Jon, I would also appreciate suggestion. What I do right now is called
> "writing a STIG".That is when somebody takes concepts from SRG (the
> document I gave you link to above) and figures out how those are applied to
> that particular product. What is met (and what configuration on product
> leads to it, exactly), what is not met, but can be with little enhancement
> (and again - what those would be exactly), and what is not met and can't be
> met at current design. All that is combined into one document, called STIG
> and published by government (DISA) on
> http://iase.disa.mil/stigs/Pages/a-z.aspx page. Those STIGs mean a great
> deal from the security point of view because they:
>
>    - Allow to save a lot of time on re-assessment of the product every
>    single time
>    - Allow to know what are the products limitations are from the
>    security point of view before hands (and as such, place it right on the
>    system, implementing all right compensation controls around it)
>    - Allow to automate, both configuration checks from the security point
>    of view and hardening of the product
>    - Give product pass to DoD framework because if product has STIG and
>    was configured in accordance to it, it is secure by DoD definition
>
> So overall, it is to the great benefit for the product to have STIG
> written for it, since it advances it on security market quite a bit and at
> the end - improves product's security posture quite a bit as well. My
> initial idea was that I would bring on board my knowledge of security
> concepts, and when I would lack understanding of intricate details of DB, I
> would turn to the Cassandra community for support.
>
> So far it doesn't work quite well, and from what you are saying, it
> wouldn't, because of lack of knowledge and lack of motivation to get it.
> What would be your suggestion? Who is capable of answering my questions? Is
> there another community, I should turn to?
>
> Would really appreciate your input on that,
>
> Thanks,
>
> Oleg
>
>
>
>
>
> On Fri, Jan 29, 2016 at 10:24 AM, Jonathan Haddad <jon@jonhaddad.com>
> wrote:
>
>> I think the reason why most of your queries aren't being answered is
>> because you're asking questions that most people don't have the answer to.
>> On the automatic disconnect, anyone using Cassandra in prod doesn't really
>> need to think about it because we're always running queries, perhaps
>> millions a second.  Queries are multiplexed over a single connection.
>> Almost nobody ever actually runs into a case of leaving a socket open for
>> hours without a query, so to find out if it actually happens, someone would
>> have to look it up in the source.
>>
>> Your questions about auditing are geared more towards if you're using a
>> database that's built for multi user access.  Cassandra was built to solve
>> a very different problem.  In most cases, you don't have hundreds of people
>> connecting from a shell, leaving connections open, casually querying for BI
>> reports.  This isn't how *most* people use Cassandra, it wasn't really
>> built for that.  There's better support for users & roles nowadays but it's
>> relatively new and that's about all you have right now.
>>
>> I realize you're new to the community, and it can be frustrating to not
>> get answers to questions that seem completely basic and obvious, but you're
>> asking about areas that *most* people on this list don't have knowledge
>> about and zero motivation to learn, because it's not necessary to solve the
>> problems we face.
>>
>>
>> On Fri, Jan 29, 2016 at 6:19 AM oleg yusim <olegyusim@gmail.com> wrote:
>>
>>> Not a problem, Carlos, at least you tried :) I have overall a big
>>> problem with my queries to Cassandra community. Most of them are not
>>> getting answered.
>>>
>>> Oleg
>>>
>>> On Fri, Jan 29, 2016 at 8:03 AM, Carlos Alonso <info@mrcalonso.com>
>>> wrote:
>>>
>>>> Oh, I thought you meant read/write timeout, not session timeout due to
>>>> inactivity...
>>>>
>>>> Not sure there's such option. Sorry
>>>>
>>>> Carlos Alonso | Software Engineer | @calonso
>>>> <https://twitter.com/calonso>
>>>>
>>>> On 29 January 2016 at 13:35, oleg yusim <olegyusim@gmail.com> wrote:
>>>>
>>>>> Carlos,
>>>>>
>>>>> I went through Java and Python drivers... didn't find anything like
>>>>> that. Can you bring me example from your Ruby driver? Let me also make
sure
>>>>> we are on the same page - I'm talking about session timeout due to
>>>>> inactivity, not read timeout or something like that.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Oleg
>>>>>
>>>>> On Fri, Jan 29, 2016 at 7:23 AM, Carlos Alonso <info@mrcalonso.com>
>>>>> wrote:
>>>>>
>>>>>> I personally don't use the Java but the Ruby driver, but I'm pretty
>>>>>> sure you'll be able to find it in the docs:
>>>>>> https://github.com/datastax/java-driver
>>>>>>
>>>>>> Carlos Alonso | Software Engineer | @calonso
>>>>>> <https://twitter.com/calonso>
>>>>>>
>>>>>> On 29 January 2016 at 13:15, oleg yusim <olegyusim@gmail.com>
wrote:
>>>>>>
>>>>>>> Hi Carlos,
>>>>>>>
>>>>>>> Thanks for your anwer. Can you, please, get me a bit me information?
>>>>>>> What is the driver? JDBC? What is the name of configuration file?
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Oleg
>>>>>>>
>>>>>>> On Fri, Jan 29, 2016 at 5:12 AM, Carlos Alonso <info@mrcalonso.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Oleg.
>>>>>>>>
>>>>>>>> The drivers have builtin the timeout configurable functionality.
>>>>>>>>
>>>>>>>> Hope it helps.
>>>>>>>>
>>>>>>>> Carlos Alonso | Software Engineer | @calonso
>>>>>>>> <https://twitter.com/calonso>
>>>>>>>>
>>>>>>>> On 28 January 2016 at 22:18, oleg yusim <olegyusim@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Greetings,
>>>>>>>>>
>>>>>>>>> Does Cassandra support session timeout? If so, where
can I find
>>>>>>>>> this configuration switch? If not, what kind of hook
I can use to write my
>>>>>>>>> out code, terminating session in so many seconds of inactivity?
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>>
>>>>>>>>> Oleg
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>

Mime
View raw message