[jira] [Commented] (CASSANDRA-19734) Rate limiting on failed log-in attempts

Fri, 28 Jun 2024 15:44:02 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-19734?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17860897#comment-17860897
 ] 

Michael Semb Wever commented on CASSANDRA-19734:
------------------------------------------------

Per IP rate-limiting should be optional.

It is important that roles can over the settings, because by nature different 
roles have different security levels.

Settings I imagine would be like
```
authentication_max_attempts=3
authentication_max_attempts_window=1h
authentication_max_attempts_per_ip=true
```
and 
```
CREATE ROLE test WITH LOGIN = true AND PASSWORD = 'test'
   ... AND OPTIONS = {'authentication_max_attempts': 1 };
```

You would also want to be able to disable the rate-limiter on a role (e.g. 
setting authentication_max_attempts=0).

It would also make sense to reset the rate limiter's window when the rate limit 
was hit (e.g. 3 failed attempts lead to the account being locked for one hour).

> Rate limiting on failed log-in attempts
> ---------------------------------------
>
>                 Key: CASSANDRA-19734
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-19734
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Stefan Miklosovic
>            Assignee: Stefan Miklosovic
>            Priority: Normal
>
> If there is a malicious attacker who is brute-forcing passwords / usernames, 
> we should just ban such user for some time. On the other hand, we should 
> enable logging in for genuine users who just happened to provide invalid 
> passwords for multiple times, we do not want to ban these completely. 
> A rate limit might be something like "5 times per a minute".
> This should be based on IP address of a client to identify the attacker. If 
> we based this on invalid passwords only, an attacker might just change the 
> usernames to bypass that.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to