Re: Backporting CASSANDRA-17812 to 4.x

+1 on back porting it > On Nov 5, 2024, at 8:51 AM, Štefan Miklošovič wrote: > > Backporting in such a way that all auth requests will still go to the same > request executor as before is OK for me. > > On Tue, Nov 5, 2024 at 3:32 PM J. D. Jordan > wrote: >>

Re: Backporting CASSANDRA-17812 to 4.x

Backporting in such a way that all auth requests will still go to the same request executor as before is OK for me. On Tue, Nov 5, 2024 at 3:32 PM J. D. Jordan wrote: > If I read the ticket correctly, this is preventing bcrypt of incoming > credentials from causing a DOS? > I think that’s reason

Re: Backporting CASSANDRA-17812 to 4.x

If I read the ticket correctly, this is preventing bcrypt of incoming credentials from causing a DOS?I think that’s reasonable to backport.  If we want to be conservative it could be backported with added code that keeps the current behavior by default?On Nov 5, 2024, at 7:43 AM, Josh McKenzie wro

Re: Backporting CASSANDRA-17812 to 4.x

I'm neutral to the backport. In terms of the letter of the law, I can see the argument either way of it being an improvement or a bugfix. Definitely wouldn't -1 a backport. On Tue, Nov 5, 2024, at 7:23 AM, Mick Semb Wever wrote: > Can you please put the ticket description in the email. Saves us

Re: Backporting CASSANDRA-17812 to 4.x

Can you please put the ticket description in the email. Saves us having to follow the link to know what you're talking about. Yes to backporting this. On Tue, 5 Nov 2024 at 10:27, Štefan Miklošovič wrote: > Hello, > > I want to ask if there are objections for backporting CASSANDRA-17812 (1) >

Backporting CASSANDRA-17812 to 4.x

Hello, I want to ask if there are objections for backporting CASSANDRA-17812 (1) to 4.0.x and 4.1.x. There is a question already in that ticket about backporting from another person and we keep being asked about this a lot. It seems to me that while this is technically an improvement, it is so va