I’d like to take issue with this sentiment. Whilst I can see the point, it is 
exactly this sort of attitude that leads to sites getting hacked. Your 
argument goes: if a site using Cassandra loses 1 million passwords, it’s that 
site’s admin that is to blame. However, infosec-aware developers will point out 
that if Cassandra enforced a strong password policy then the breach would not 
happen. It’s this kind of thinking that leads to examples such as:

https://www.hackread.com/hacker-leaks-36-million-mongodb-accounts/

Andy


On 23 Dec 2016, at 17:40, Vladimir Yudovin <vla...@winguzone.com> wrote:

Hi,



Actually, Cassandra is not a public service like e-mail or a social network. It's 
the admin's responsibility to create a strong super password, and if there is a 
front-end application allowing users to set passwords, such an application can 
force password requirements.



Best regards, Vladimir Yudovin,

Winguzone - Cloud Cassandra Hosting






---- On Fri, 23 Dec 2016 12:05:40 -0500 Prakash Chauhan 
<prakash.chau...@ericsson.com> wrote ----




Hello All,



In Apache Cassandra, there are no strict password policies for creating a new 
user.



A new user can be created with a password as simple as "abc", which is not at 
all recommended for production use.

Moreover the same password can be used again and again.



There should be a configurable password policy in Cassandra for creating new 
users.



Any thoughts on this ....







Regards,

Prakash Chauhan.






