[
https://issues.apache.org/jira/browse/CASSANDRA-11097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15235749#comment-15235749
]
Jeff Jirsa edited comment on CASSANDRA-11097 at 4/11/16 7:21 PM:
-----------------------------------------------------------------
[~jasobrown] Oracle does this per-user / per-user-profile server side, and
perhaps a similar logic makes sense for Cassandra via CASSANDRA-8303 (ponies
territory, perhaps) so that applications can have long-lived idle connections,
but administrators are logged out if idle:
{code}
alter profile analyst limit
connect_time 180000
sessions_per_user 2
ldle_time 1800;
{code}
was (Author: jjirsa):
[~jasobrown] Oracle does this per-user / per-user-profile server side, and
perhaps a similar logic makes sense for Cassandra (getting into ponies
territory, perhaps) so that applications can have long-lived idle connections,
but administrators are logged out if idle:
{code}
alter profile analyst limit
connect_time 180000
sessions_per_user 2
ldle_time 1800;
{code}
> Idle session timeout for secure environments
> --------------------------------------------
>
> Key: CASSANDRA-11097
> URL: https://issues.apache.org/jira/browse/CASSANDRA-11097
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Jeff Jirsa
> Priority: Minor
> Labels: lhf, ponies
>
> A thread on the user list pointed out that some use cases may prefer to have
> a database disconnect sessions after some idle timeout. An example would be
> an administrator who connected via ssh+cqlsh and then walked away.
> Disconnecting that user and forcing it to re-authenticate could protect
> against unauthorized access.
> It seems like it may be possible to do this using a netty
> {{IdleStateHandler}} in a way that's low risk and perhaps off by default.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
