[ https://issues.apache.org/jira/browse/CASSANDRA-19734?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17860901#comment-17860901 ]
Francisco Guerrero commented on CASSANDRA-19734:
------------------------------------------------

Another thing to keep in mind is whether the restriction is per Cassandra instance or per cluster. And if it's per instance, we'll need to consider whether we will keep track of login attempts in memory, or we will persist the login history. In memory and per instance should be easier to implement and might be a reasonable solution, with the drawback that an attacker who knows the topology of the cluster can make multiple attempts per Cassandra instance. Any solution that persists data will potentially add some latency to the login process, which might not be desirable for legitimate users. So we need to decide which approach we want to take and decide on the tradeoffs we are willing to accept. My personal preference would be to have these restrictions per instance, in memory.

> Rate limiting on failed log-in attempts
> ---------------------------------------
>
>                 Key: CASSANDRA-19734
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-19734
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Stefan Miklosovic
>            Assignee: Stefan Miklosovic
>            Priority: Normal
>
> If there is a malicious attacker who is brute-forcing passwords / usernames,
> we should just ban such a user for some time. On the other hand, we should
> still enable logging in for genuine users who just happened to provide invalid
> passwords multiple times; we do not want to ban these completely.
> A rate limit might be something like "5 times per minute".
> This should be based on the IP address of a client to identify the attacker. If
> we base this on invalid passwords only, an attacker might just change the
> usernames to bypass that.

-- 
This message was sent by Atlassian Jira
(v8.20.10#820010)
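The design the thread converges on (per-instance, in-memory, keyed by client IP, "5 times per minute", a temporary ban rather than a permanent one) can be sketched as a small sliding-window limiter. The class below is an added illustration written for this discussion; it is not Cassandra code, is not wired to Cassandra's authenticator interfaces, and the class name, constructor parameters and the injected `LongSupplier` clock are all assumptions made here. The IP addresses in `main` are constructed test values from the documentation ranges.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.LongSupplier;

/**
 * Hypothetical in-memory, per-instance limiter for failed login attempts, keyed by
 * client IP. Each node keeps its own state, so (as the comment above notes) an
 * attacker who knows the topology gets a separate budget on every node.
 */
public final class FailedLoginRateLimiter {
    private final int maxFailures;        // failures tolerated inside one window, e.g. 5
    private final long windowMillis;      // window length, e.g. 60_000 for "per minute"
    private final long banMillis;         // how long a client stays banned once it exceeds the limit
    private final int maxTrackedClients;  // bound on map size so IP spraying cannot exhaust heap
    private final LongSupplier clock;     // injected clock so behaviour is testable without sleeping
    private final Map<String, ClientState> clients = new ConcurrentHashMap<>();

    private static final class ClientState {
        final Deque<Long> failureTimes = new ArrayDeque<>(); // timestamps inside the current window
        long bannedUntil = 0L;                                // 0 means not banned
    }

    public FailedLoginRateLimiter(int maxFailures, long windowMillis, long banMillis,
                                  int maxTrackedClients, LongSupplier clock) {
        this.maxFailures = maxFailures;
        this.windowMillis = windowMillis;
        this.banMillis = banMillis;
        this.maxTrackedClients = maxTrackedClients;
        this.clock = clock;
    }

    /** True if the client is currently banned; check this before doing any credential work. */
    public boolean isBanned(String clientIp) {
        ClientState s = clients.get(clientIp);
        if (s == null) return false;
        synchronized (s) {
            return s.bannedUntil > clock.getAsLong();
        }
    }

    /** Record one failed attempt. Returns true if this failure pushed the client over the limit. */
    public boolean recordFailure(String clientIp) {
        long now = clock.getAsLong();
        evictStaleIfFull(now);
        ClientState s = clients.computeIfAbsent(clientIp, k -> new ClientState());
        synchronized (s) {
            // Sliding window: forget failures older than windowMillis.
            while (!s.failureTimes.isEmpty() && now - s.failureTimes.peekFirst() >= windowMillis) {
                s.failureTimes.pollFirst();
            }
            s.failureTimes.addLast(now);
            if (s.failureTimes.size() > maxFailures) {
                s.bannedUntil = now + banMillis;   // temporary ban, not permanent
                s.failureTimes.clear();
                return true;
            }
            return false;
        }
    }

    /** A successful login wipes the client's failure history. */
    public void recordSuccess(String clientIp) {
        clients.remove(clientIp);
    }

    /** When the map is full, drop clients that are neither banned nor active within the window. */
    private void evictStaleIfFull(long now) {
        if (clients.size() < maxTrackedClients) return;
        clients.entrySet().removeIf(e -> {
            ClientState s = e.getValue();
            synchronized (s) {
                Long last = s.failureTimes.peekLast();
                boolean idle = last == null || now - last >= windowMillis;
                return s.bannedUntil <= now && idle;
            }
        });
    }

    public static void main(String[] args) {
        long[] fakeNow = {0L};   // controllable clock for the demonstration
        FailedLoginRateLimiter limiter =
            new FailedLoginRateLimiter(5, 60_000L, 300_000L, 10_000, () -> fakeNow[0]);

        String attacker = "203.0.113.7";   // constructed address (TEST-NET-3)
        for (int i = 1; i <= 6; i++) {
            fakeNow[0] += 1_000L;
            System.out.println("failure " + i + " -> triggered ban: " + limiter.recordFailure(attacker));
        }
        System.out.println("attacker banned now: " + limiter.isBanned(attacker));   // true
        fakeNow[0] += 300_000L;
        System.out.println("attacker banned after ban expires: " + limiter.isBanned(attacker)); // false

        String genuine = "198.51.100.9";   // constructed address (TEST-NET-2)
        for (int i = 0; i < 4; i++) limiter.recordFailure(genuine);
        limiter.recordSuccess(genuine);
        System.out.println("genuine user banned: " + limiter.isBanned(genuine));    // false
    }
}
```

The sixth failure inside the one-minute window trips the ban; a user who fails four times and then authenticates is never locked out, and even a banned client regains access once `banMillis` elapses, which matches the ticket's intent of slowing an attacker without permanently banning genuine users. Two points a reviewer would raise on any real implementation: the map must be bounded (here via `maxTrackedClients`) because the key is attacker-controlled, and keying purely by IP means clients sharing an address behind NAT or a proxy share one failure budget.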