Jack,
I updated my document with all the security gaps I was able to discover
(see the second table, below the first one). I also moved the document to
Google Docs from Word doc, shared on Google Drive, following Matt's
suggestion.
Please, see the updated link:
https://docs.google.com/document/d/1
Jack,
This document doesn't cover all the areas where users will need to get
engaged in explicit mitigation; it only covers those I wasn't sure about.
But you are making a good point here. Let me update the document with the
rest of the gaps, so the community would have a complete list here.
Thanks
Thanks! A useful contribution, no matter what the outcome. I trust your
ability to read the doc, so I don't expect a lot of change to the
responses, but we'll see. At a minimum, it will probably be good to have
a doc to highlight areas where users will need to engage in explicit
mitigation efforts
Robert, Jack, Bryan,
As you suggested, I put together a document, titled
Cassandra_Security_Topics_to_Discuss, put it on Google Drive and shared it
with everybody on this list. The document contains a list of questions I have
on Cassandra, my take on it, and has a place for notes Community would like
ose companies will probably answer some of your questions for free if you
> post on these mailing lists. They’ll likely answer even more if you pay
> them.
>
>
>
> From: oleg yusim
> Reply-To: "user@cassandra.apache.org"
> Date: Friday, January 29, 2016 at 9:16 AM
>
To throw my (unsolicited) 2 cents into the ring, Oleg, you work for a
well-funded and fairly large company. You are certainly free to continue
using the list and asking for community support (I am definitely not in any
position to tell you otherwise, anyway), but that community support is by
defini
On Fri, Jan 29, 2016 at 3:12 PM, Jack Krupansky
wrote:
> One last time, I'll simply renew my objection to the way you are abusing
> this list.
>
FWIW, while I appreciate that OP (Oleg) is attempting to do a service for
the community, I agree that the flood of single topic, context-lacking
posts
One last time, I'll simply renew my objection to the way you are abusing
this list. You'll hear no further reply from me and I will begin marking
any more of your excessive inquiries as spam. If others in the community
wish to do your security review for you one item at a time, that is their
prerog
Jack,
I have to note, the Cassandra documentation, the way it stands now, is not nearly
detailed enough. For instance:
https://docs.datastax.com/en/cassandra/2.1/cassandra/configuration/configLoggingLevels_r.html
is all Cassandra has to say about logging. The reason why I bring my
questions to the maili
No offense, but my suggestion here is that you write up a preliminary list
of your own answers based on your own reading of the doc, specs, and white
papers (and source code) and post that list, like on Google Docs, for
people to review in bulk, rather than force all Cassandra users on this
list to
Jack,
Appreciate the links. As I mentioned, I looked over both DSE and Cassandra
sets of documentation, and ran some experiments on my Cassandra
installation. What I'm bringing here is something I couldn't find a
definitive answer for in any of the above-mentioned sources.
For instance, regarding l
There is some more detail on DSE Security in this white paper:
http://www.datastax.com/wp-content/uploads/2014/04/WP-DataStax-Enterprise-SOX-Compliance.pdf
It mentions auditing, for example. I think you were asking about that
earlier.
There may be some additional info or discussion related to secu
Alex,
No offense taken, your question is absolutely legit. As we used to joke
in the security world "putting on my black hat"/"putting on my white hat" -
i.e. same set of questions I would be asking for hacking and protecting the
product. So, I commend you for being careful here.
Now, at that par
On Fri, Jan 29, 2016 at 8:17 AM, oleg yusim wrote:
> Thanks for encouraging me, I kind of grew a bit desperate. I'm a security
> person, not a Cassandra expert, and doing a security assessment of the Cassandra
> DB, I have to rely on the community heavily. I will put together a composed
> version of all my p
estions for free if you
> post on these mailing lists. They’ll likely answer even more if you pay
> them.
>
>
>
> From: oleg yusim
> Reply-To: "user@cassandra.apache.org"
> Date: Friday, January 29, 2016 at 9:16 AM
> To: "user@cassandra.apache.org"
> Subject: Re: Sessio
e.org"
Date: Friday, January 29, 2016 at 9:16 AM
To: "user@cassandra.apache.org"
Subject: Re: Session timeout
Jon,
I suspected something like that. I did a bit of learning on Cassandra before
starting my assessment, and I understand that you are right, and it is
generally no
>
>
> On Fri, Jan 29, 2016 at 6:19 AM oleg yusim wrote:
>
>> Not a problem, Carlos, at least you tried :) I have overall a big problem
>> with my queries to the Cassandra community. Most of them are not getting
>> answered.
>>
>> Oleg
>>
>> On Fri,
rote:
> Not a problem, Carlos, at least you tried :) I have overall a big problem
> with my queries to the Cassandra community. Most of them are not getting
> answered.
>
> Oleg
>
> On Fri, Jan 29, 2016 at 8:03 AM, Carlos Alonso wrote:
>
>> Oh, I thought you meant read/w
"Security assessment
questions" and will post it once again.
As for the session timeout, my understanding is that Cassandra currently doesn't
support it. I didn't find any mention of it in the documentation. Also, I just
ran a simple experiment on my installation (version 2.1.8, default settings):
I o
t has quite a
lot of activity and it's easy sometimes to miss emails.
About this session timeout thing, could you please reply to this thread if
you find a solution? I'm curious about it.
Cheers!
Carlos Alonso | Software Engineer | @calonso <https://twitter.com/calonso>
On 29 January 2
Not a problem, Carlos, at least you tried :) I have overall a big problem
with my queries to the Cassandra community. Most of them are not getting
answered.
Oleg
On Fri, Jan 29, 2016 at 8:03 AM, Carlos Alonso wrote:
> Oh, I thought you meant read/write timeout, not session timeout due
Oh, I thought you meant read/write timeout, not session timeout due to
inactivity...
Not sure there's such an option. Sorry
Carlos Alonso | Software Engineer | @calonso <https://twitter.com/calonso>
On 29 January 2016 at 13:35, oleg yusim wrote:
> Carlos,
>
> I went thr
Carlos,
I went through Java and Python drivers... didn't find anything like that.
Can you bring me an example from your Ruby driver? Let me also make sure we
are on the same page - I'm talking about session timeout due to inactivity,
not read timeout or something like that.
Thanks,
Ol
>> The drivers have built-in configurable timeout functionality.
>>
>> Hope it helps.
>>
>> Carlos Alonso | Software Engineer | @calonso
>> <https://twitter.com/calonso>
>>
>> On 28 January 2016 at 22:18, oleg yusim wrote:
>>
>>>
tionality.
>
> Hope it helps.
>
> Carlos Alonso | Software Engineer | @calonso <https://twitter.com/calonso>
>
> On 28 January 2016 at 22:18, oleg yusim wrote:
>
>> Greetings,
>>
>> Does Cassandra support session timeout? If so, where can I find this
>
Hi Oleg.
The drivers have built-in configurable timeout functionality.
Hope it helps.
Carlos Alonso | Software Engineer | @calonso <https://twitter.com/calonso>
On 28 January 2016 at 22:18, oleg yusim wrote:
> Greetings,
>
> Does Cassandra support session timeout? If so, w
Greetings,
Does Cassandra support session timeout? If so, where can I find this
configuration switch? If not, what kind of hook can I use to write my own
code, terminating the session in so many seconds of inactivity?
Thanks,
Oleg