cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From oleg yusim <olegyu...@gmail.com>
Subject Re: Session timeout
Date Sat, 13 Feb 2016 04:30:41 GMT
Jack,

I updated my document with all the security gaps I was able to discover
(see the second table, below the fist one). I also moved the document to
Google Docs from Word doc, shared on Google Drive, following Matt's
suggestion.

Please, see the updated link:
https://docs.google.com/document/d/13-yu-1a0MMkBiJFPNkYoTd1Hzed9tgKltWi6hFLZbsk/edit?usp=sharing

Thanks,

Oleg

On Thu, Feb 11, 2016 at 3:52 PM, oleg yusim <olegyusim@gmail.com> wrote:

> Jack,
>
> This document doesn't cover all the areas where user will need to get
> engaged in explicit mitigation, it only covers those, I wasn't sure about.
> But - you are making a good point here. Let me update the document with the
> rest of the gaps, so community would have a complete list here.
>
> Thanks,
>
> Oleg
>
> On Thu, Feb 11, 2016 at 3:38 PM, Jack Krupansky <jack.krupansky@gmail.com>
> wrote:
>
>> Thanks! A useful contribution, no matter what the outcome. I trust your
>> ability to read of the doc, so I don't expect a lot of change to the
>> responses, but we'll see. At a minimum, it will probably be good to have
>> doc to highlight areas where users will need to engage in explicit
>> mitigation efforts if their infrastructure does not implicitly effect
>> mitigation for various security exposures.
>>
>> -- Jack Krupansky
>>
>> On Thu, Feb 11, 2016 at 3:21 PM, oleg yusim <olegyusim@gmail.com> wrote:
>>
>>> Robert, Jack, Bryan,
>>>
>>> As you suggested, I put together document, titled
>>> Cassandra_Security_Topics_to_Discuss, put it on Google Drive and shared it
>>> with everybody on this list. The document contains list of questions I have
>>> on Cassandra, my take on it, and has a place for notes Community would like
>>> to make on it.
>>>
>>> Please, review. Any help would be appreciated greatly.
>>>
>>> https://drive.google.com/open?id=0B2L9nW4Cyj41YWd1UkI4ZXVPYmM
>>>
>>> Oleg
>>>
>>> On Fri, Jan 29, 2016 at 6:30 PM, Bryan Cheng <bryan@blockcypher.com>
>>> wrote:
>>>
>>>> To throw my (unsolicited) 2 cents into the ring, Oleg, you work for a
>>>> well-funded and fairly large company. You are certainly free to continue
>>>> using the list and asking for community support (I am definitely not in any
>>>> position to tell you otherwise, anyway), but that community support is by
>>>> definition ad-hoc and best effort. Furthermore, your questions range from
>>>> trivial to, as Jonathan as mentioned earlier, concepts that many of us have
>>>> no reason to consider at this time (perhaps your work will convince us
>>>> otherwise- but you'll need to finish it first ;) )
>>>>
>>>> What I'm getting at here is that perhaps, if you need faster, deeper
>>>> level, and more elaborate support than this list can provide, you should
>>>> look into the services of a paid Cassandra support company like Datastax.
>>>>
>>>> On Fri, Jan 29, 2016 at 3:34 PM, Robert Coli <rcoli@eventbrite.com>
>>>> wrote:
>>>>
>>>>> On Fri, Jan 29, 2016 at 3:12 PM, Jack Krupansky <
>>>>> jack.krupansky@gmail.com> wrote:
>>>>>
>>>>>> One last time, I'll simply renew my objection to the way you are
>>>>>> abusing this list.
>>>>>>
>>>>>
>>>>> FWIW, while I appreciate that OP (Oleg) is attempting to do a service
>>>>> for the community, I agree that the flood of single topic, context-lacking
>>>>> posts regarding deep internals of Cassandra is likely to inspire the
>>>>> opposite of a helpful response.
>>>>>
>>>>> This is important work, however, so hopefully we can collectively find
>>>>> a way through the meta and can discuss this topic without acrimony! :D
>>>>>
>>>>> =Rob
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>

Mime
View raw message