cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From oleg yusim <>
Subject Re: Session timeout
Date Sat, 13 Feb 2016 04:30:41 GMT

I updated my document with all the security gaps I was able to discover
(see the second table, below the fist one). I also moved the document to
Google Docs from Word doc, shared on Google Drive, following Matt's

Please, see the updated link:



On Thu, Feb 11, 2016 at 3:52 PM, oleg yusim <> wrote:

> Jack,
> This document doesn't cover all the areas where user will need to get
> engaged in explicit mitigation, it only covers those, I wasn't sure about.
> But - you are making a good point here. Let me update the document with the
> rest of the gaps, so community would have a complete list here.
> Thanks,
> Oleg
> On Thu, Feb 11, 2016 at 3:38 PM, Jack Krupansky <>
> wrote:
>> Thanks! A useful contribution, no matter what the outcome. I trust your
>> ability to read of the doc, so I don't expect a lot of change to the
>> responses, but we'll see. At a minimum, it will probably be good to have
>> doc to highlight areas where users will need to engage in explicit
>> mitigation efforts if their infrastructure does not implicitly effect
>> mitigation for various security exposures.
>> -- Jack Krupansky
>> On Thu, Feb 11, 2016 at 3:21 PM, oleg yusim <> wrote:
>>> Robert, Jack, Bryan,
>>> As you suggested, I put together document, titled
>>> Cassandra_Security_Topics_to_Discuss, put it on Google Drive and shared it
>>> with everybody on this list. The document contains list of questions I have
>>> on Cassandra, my take on it, and has a place for notes Community would like
>>> to make on it.
>>> Please, review. Any help would be appreciated greatly.
>>> Oleg
>>> On Fri, Jan 29, 2016 at 6:30 PM, Bryan Cheng <>
>>> wrote:
>>>> To throw my (unsolicited) 2 cents into the ring, Oleg, you work for a
>>>> well-funded and fairly large company. You are certainly free to continue
>>>> using the list and asking for community support (I am definitely not in any
>>>> position to tell you otherwise, anyway), but that community support is by
>>>> definition ad-hoc and best effort. Furthermore, your questions range from
>>>> trivial to, as Jonathan as mentioned earlier, concepts that many of us have
>>>> no reason to consider at this time (perhaps your work will convince us
>>>> otherwise- but you'll need to finish it first ;) )
>>>> What I'm getting at here is that perhaps, if you need faster, deeper
>>>> level, and more elaborate support than this list can provide, you should
>>>> look into the services of a paid Cassandra support company like Datastax.
>>>> On Fri, Jan 29, 2016 at 3:34 PM, Robert Coli <>
>>>> wrote:
>>>>> On Fri, Jan 29, 2016 at 3:12 PM, Jack Krupansky <
>>>>>> wrote:
>>>>>> One last time, I'll simply renew my objection to the way you are
>>>>>> abusing this list.
>>>>> FWIW, while I appreciate that OP (Oleg) is attempting to do a service
>>>>> for the community, I agree that the flood of single topic, context-lacking
>>>>> posts regarding deep internals of Cassandra is likely to inspire the
>>>>> opposite of a helpful response.
>>>>> This is important work, however, so hopefully we can collectively find
>>>>> a way through the meta and can discuss this topic without acrimony! :D
>>>>> =Rob

View raw message