Stefan Miklosovic created CASSANDRA-19734: ---------------------------------------------
Summary: Rate limiting on failed log-in attempts Key: CASSANDRA-19734 URL: https://issues.apache.org/jira/browse/CASSANDRA-19734 Project: Cassandra Issue Type: New Feature Reporter: Stefan Miklosovic Assignee: Stefan Miklosovic If there is a malicious attacker who is brute-forcing passwords / usernames, we should just ban such user for some time. On the other hand, we should enable logging in for genuine users who just happened to provide invalid passwords for multiple times, we do not want to ban these completely. A rate limit might be something like "5 times per a minute". This should be based on IP address of a client to identify the attacker. If we based this on invalid passwords only, an attacker might just change the usernames to bypass that. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org