Re: [Discuss] CEP-24 Password validation and generation

2024-06-13 Thread Štefan Miklošovič
> >>> > >>> and this will be committed into TCM, everything replayed on restart, > same > >>> for whole cluster ... you got the idea. Hence, similarly, you can > commit > >>> configuration for a password validator and it will be same across whole >

Re: [Discuss] CEP-24 Password validation and generation

2024-06-12 Thread Bernardo Botella
received quite positive feedback and it was suggested that >>> we should actually commit into TCM all configuration which is meant to be >>> same for each node. >>> >>> I stopped with the introduction of more general "config in TCM" solution >

Re: [Discuss] CEP-24 Password validation and generation

2024-06-11 Thread Francisco Guerrero
ere. > > > > Let's see what happens next, I just want to highlight that the next course > > of action will most probably be the introduction of transactional > > configuration until this one can finally be integrated with that too. > > Currently, there is one missing configuration property

Re: [Discuss] CEP-24 Password validation and generation

2024-06-11 Thread shailajakoppu
passwords while >>> being logged on that node. I think that something similar was done to >>> memtables CEP and there was some additional discussion about that - the way >>> how it is configured - it is in yaml and not in schema so it is only >>> node-specif

Re: [Discuss] CEP-24 Password validation and generation

2024-06-07 Thread Štefan Miklošovič
iguration property to be transactional > - default_keyspace_rf - because it is used by one of guardrails too. This > leads to more general "config in TCM" case which we have not dealt with yet. > > Branch with transactional guardrails is in (2). > > (1) https://issues.apache.o

Re: [Discuss] CEP-24 Password validation and generation

2024-06-07 Thread shailajakoppu
> Branch with transactional guardrails is in (2). > > (1) https://issues.apache.org/jira/browse/CASSANDRA-19593 > (2) https://github.com/instaclustr/cassandra/tree/CEP-24-with-generator-tcm > > > From: Miklosovic, Stefan > Sent: Monday, December 19, 2022 14:24 >

Re: [Discuss] CEP-24 Password validation and generation

2024-06-01 Thread Miklosovic, Stefan via dev
Do you think Diagnostics events would satisfy your needs? Regards From: Claude Warren, Jr via dev <dev@cassandra.apache.org> Sent: Thursday, October 13, 2022 14:43 To: dev@cassandra.apache.org Subject: Re: [Discuss] CEP-24 Password valida

Re: [Discuss] CEP-24 Password validation and generation

2022-12-19 Thread Miklosovic, Stefan
Jr via dev Sent: Wednesday, October 19, 2022 10:58 To: dev@cassandra.apache.org Subject: Re: [Discuss] CEP-24 Password validation and generation NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Re: [Discuss] CEP-24 Password validation and generation

2022-10-19 Thread Claude Warren, Jr via dev
> "A simple implementation of the observer that logs the messages Jeff >> suggested would probably be sufficient." >> >> Yes, no problem with logging from Guardrail directly. >> >> (1) >> https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-24%3A+Pa

Re: [Discuss] CEP-24 Password validation and generation

2022-10-13 Thread Claude Warren, Jr via dev
tics events would satisfy your needs? > > Regards > > > From: Claude Warren, Jr via dev > Sent: Thursday, October 13, 2022 14:43 > To: dev@cassandra.apache.org > Subject: Re: [Discuss] CEP-24 Password validation and generation > > NetApp Security WARNING: This is an ex

Re: [Discuss] CEP-24 Password validation and generation

2022-10-13 Thread Miklosovic, Stefan
? Regards From: Claude Warren, Jr via dev Sent: Thursday, October 13, 2022 14:43 To: dev@cassandra.apache.org Subject: Re: [Discuss] CEP-24 Password validation and generation NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the

Re: [Discuss] CEP-24 Password validation and generation

2022-10-13 Thread Claude Warren, Jr via dev
iouspasswords > > Regards > > ____________________ > From: Claude Warren, Jr > Sent: Thursday, October 13, 2022 12:50 > To: Miklosovic, Stefan > Cc: dev@cassandra.apache.org > Subject: Re: [Discuss] CEP-24 Password validation and generation > >

Re: [Discuss] CEP-24 Password validation and generation

2022-10-13 Thread Claude Warren, Jr via dev
ctionaries. This might be included in > the CEP but I would keep it out for the very first implementation and it > can be finished afterwards in some other commit. I do not find it > absolutely necessary to do it right now. > > Regards, > > Stefan > > __

Re: [Discuss] CEP-24 Password validation and generation

2022-10-13 Thread Fleming, Jackson
Warren, Jr Subject: Re: [Discuss] CEP-24 Password validation and generation NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi Claude, you said: "I don't know the govt spec. but

Re: [Discuss] CEP-24 Password validation and generation

2022-10-13 Thread Miklosovic, Stefan
er commit. I do not find it absolutely necessary to do it right now. Regards, Stefan From: Claude Warren, Jr via dev Sent: Thursday, October 13, 2022 9:44 To: dev@cassandra.apache.org Subject: Fwd: [Discuss] CEP-24 Password validation and generation Net

Fwd: [Discuss] CEP-24 Password validation and generation

2022-10-13 Thread Claude Warren, Jr via dev
I managed not to send this to the mailing list... I don't know the govt spec. but there is a US govt security level where you are not allowed to inform the user why the login failed. It seems to me that there are 2 intertwined components being discussed. 1) A component to perform a user passw

Re: [Discuss] CEP-24 Password validation and generation

2022-10-12 Thread Brad
atable to operators and organisations that > want to use Cassandra. > > > > Regards, > > > > Jackson > > > > *From: *Brad > *Date: *Wednesday, 12 October 2022 at 2:42 am > *To: *dev@cassandra.apache.org > *Subject: *Re: [Discuss] CEP-24 Password validati

Re: [Discuss] CEP-24 Password validation and generation

2022-10-12 Thread Fleming, Jackson
error, the following has to be done: Password must be 8 or more characters in length. " Cheers, Jackson From: Derek Chen-Becker Date: Wednesday, 12 October 2022 at 7:07 am To: dev@cassandra.apache.org Subject: Re: [Discuss] CEP-24 Password validation and generation NetApp Security WARNIN

Re: [Discuss] CEP-24 Password validation and generation

2022-10-12 Thread Fleming, Jackson
approach is more implementable and more palatable to operators and organisations that want to use Cassandra. Regards, Jackson From: Brad Date: Wednesday, 12 October 2022 at 2:42 am To: dev@cassandra.apache.org Subject: Re: [Discuss] CEP-24 Password validation and generation NetApp Security WARNING

Re: [Discuss] CEP-24 Password validation and generation

2022-10-11 Thread Derek Chen-Becker
just mentioning that they tried to create a password with a lot of >> repeating characters? What is the added value here? >> >> I need to double check if warnings are logged as well. I'll get back to >> you. >> >> >> ___

Re: [Discuss] CEP-24 Password validation and generation

2022-10-11 Thread Miklosovic, Stefan
From: Jeff Jirsa Sent: Tuesday, October 11, 2022 20:56 To: dev@cassandra.apache.org Subject: Re: [Discuss] CEP-24 Password validation and generation NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is

Re: [Discuss] CEP-24 Password validation and generation

2022-10-11 Thread Jeff Jirsa
rom: Derek Chen-Becker > Sent: Tuesday, October 11, 2022 18:59 > To: dev@cassandra.apache.org > Subject: Re: [Discuss] CEP-24 Password validation and generation > > NetApp Security WARNING: This is an external email. Do not click links or > open attachments unless you recognize

Re: [Discuss] CEP-24 Password validation and generation

2022-10-11 Thread Miklosovic, Stefan
thread. I will try to summarize where we are as it is easy to get lost in these emails. From: Derek Chen-Becker Sent: Tuesday, October 11, 2022 18:59 To: dev@cassandra.apache.org Subject: Re: [Discuss] CEP-24 Password validation and generation NetAp

Re: [Discuss] CEP-24 Password validation and generation

2022-10-11 Thread Derek Chen-Becker
Sent: Tuesday, October 11, 2022 17:47 > To: dev@cassandra.apache.org > Subject: Re: [Discuss] CEP-24 Password validation and generation > > NetApp Security WARNING: This is an external email. Do not click links or > open attachments unless you recognize the sender and know the cont

Re: [Discuss] CEP-24 Password validation and generation

2022-10-11 Thread Miklosovic, Stefan
cker.org>> Sent: Tuesday, October 11, 2022 17:14 To: dev@cassandra.apache.org Subject: Re: [Discuss] CEP-24 Password validation and generation NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize

Re: [Discuss] CEP-24 Password validation and generation

2022-10-11 Thread Miklosovic, Stefan
41 To: dev@cassandra.apache.org Subject: Re: [Discuss] CEP-24 Password validation and generation NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe. I'd agree that password expiry should be avo

Re: [Discuss] CEP-24 Password validation and generation

2022-10-11 Thread Derek Chen-Becker
same as > the original one, would still have to be valid, but it just might be same > as it was. > > > From: Derek Chen-Becker > Sent: Tuesday, October 11, 2022 17:14 > To: dev@cassandra.apache.org > Subject: Re: [Discuss] CEP-24 Pa

Re: [Discuss] CEP-24 Password validation and generation

2022-10-11 Thread Brad
els - OK password, password with a warning and failed > password. We inform a user about the strength of his password retroactively > - we do not tell him what the password should be before he tries to set one > however I think that is acceptable when using Cassandra and cqlsh in > console envi

Re: [Discuss] CEP-24 Password validation and generation

2022-10-11 Thread Miklosovic, Stefan
: Brad <bscho...@gmail.com> Sent: Monday, October 10, 2022 17:43 To: dev@cassandra.apache.org Subject: Re: [Discuss] CEP-24 Password validation and generation NetApp Security WARNING: This is an external email. Do not click links or open attachments unl

Re: [Discuss] CEP-24 Password validation and generation

2022-10-11 Thread Derek Chen-Becker
ailed > password. We inform a user about the strength of his password retroactively > - we do not tell him what the password should be before he tries to set one > however I think that is acceptable when using Cassandra and cqlsh in > console environment. > > (1) https://pag

Re: [Discuss] CEP-24 Password validation and generation

2022-10-11 Thread Josh McKenzie
d should be before he tries to set one > however I think that is acceptable when using Cassandra and cqlsh in console > environment. > > (1) https://pages.nist.gov/800-63-3/sp800-63b.html#appA > > From: Brad > Sent: Monday, October 10,

Re: [Discuss] CEP-24 Password validation and generation

2022-10-10 Thread Miklosovic, Stefan
_ From: Brad Sent: Monday, October 10, 2022 17:43 To: dev@cassandra.apache.org Subject: Re: [Discuss] CEP-24 Password validation and generation NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the

Re: [Discuss] CEP-24 Password validation and generation

2022-10-10 Thread Brad
I would suggest reviewing the guidelines in section 5.1.1.2 of NIST Special Publication 800-63B and the NCSC Password policy: updating your approach - NCSC.GOV.UK

Re: [Discuss] CEP-24 Password validation and generation

2022-10-10 Thread Miklosovic, Stefan
all the details involved and CEP seemed to be a good way how to cement that. From: Andrés de la Peña Sent: Friday, September 23, 2022 13:36 To: dev@cassandra.apache.org Subject: Re: [Discuss] CEP-24 Password validation and generation NetApp Security

Re: [Discuss] CEP-24 Password validation and generation

2022-09-23 Thread Andrés de la Peña
I think that custom, pluggable type of guardrail will be a great addition to the framework. The first guardrails prototype included a factory of guardrails that was able to provide different guardrail instances depending on the specified class and client state. That was discarded during review in

[Discuss] CEP-24 Password validation and generation

2022-09-19 Thread Miklosovic, Stefan
Hi list, together with my colleague Jackson Fleming we put together CEP-24 about password validation and password generation in Cassandra. https://cwiki.apache.org/confluence/x/QoueDQ We are looking forward to discussing this CEP with you in depth. The outcome of this thread would be to sort out