Re: Configurable password policy in Cassandra...

2016-12-23 Thread Aleksey Yeschenko 
You can write a patch for one, or create a custom authenticator implementation 
that would enforce this.

They are pluggable after all, just like authorizer is.

-- 
AY

On 23 December 2016 at 20:06:19, Prakash Chauhan (prakash.chau...@ericsson.com) 
wrote:

Hello All,  

In Apache Cassandra , there are no strict password policies for creating a new 
user.  

A new user can be created with a password as simple as "abc" which is not at 
all recommended for production use.  
Moreover the same password can be used again and again.  

There should be a configurable password policy in Cassandra for creating new 
users.  

Any thoughts on this   



Regards,  
Prakash Chauhan.

Re: Configurable password policy in Cassandra...

2016-12-23 Thread Andy Cobley 
I’d like to take issue with this sentiment.  Whilst I can see the point, it is 
exactly this sort of attitude that leads to sites getting hacked.  You’re 
argument goes, if a site using Cassandra  loses 1million passwords it’s that 
sites admin that is to blame.  However, infosec aware developers will point out 
that if Cassandra enforced a strong password policy then the breach would not 
happen.  It’s this kind of thinking that leads to examples such  as:

https://www.hackread.com/hacker-leaks-36-million-mongodb-accounts/

Andy


On 23 Dec 2016, at 17:40, Vladimir Yudovin 
> wrote:

Hi,



actually Cassandra is not public  service like e-mail or social network. It's 
admin responsibility to create strong super password, and if there is front-end 
application allowing to users setting password such application can force 
password requirements.



Best regards, Vladimir Yudovin,

Winguzone - Cloud Cassandra Hosting






 On Fri, 23 Dec 2016 12:05:40 -0500 Prakash Chauhan 
prakash.chau...@ericsson.com wrote 





Hello All,



In Apache Cassandra , there are no strict password policies for creating a new 
user.



A new user can be created with a password as simple as "abc" which is not at 
all recommended for production use.

Moreover the same password can be used again and again.



There should be a configurable password policy in Cassandra for creating new 
users.



Any thoughts on this 







Regards,

Prakash Chauhan.

Re: Configurable password policy in Cassandra...

2016-12-23 Thread Vladimir Yudovin 
Hi,



actually Cassandra is not public  service like e-mail or social network. It's 
admin responsibility to create strong super password, and if there is front-end 
application allowing to users setting password such application can force 
password requirements.



Best regards, Vladimir Yudovin, 

Winguzone - Cloud Cassandra Hosting






 On Fri, 23 Dec 2016 12:05:40 -0500 Prakash Chauhan 
prakash.chau...@ericsson.com wrote 




Hello All, 

 

In Apache Cassandra , there are no strict password policies for creating a new 
user. 

 

A new user can be created with a password as simple as "abc" which is not at 
all recommended for production use. 

Moreover the same password can be used again and again. 

 

There should be a configurable password policy in Cassandra for creating new 
users. 

 

Any thoughts on this  

 

 

 

Regards, 

Prakash Chauhan.

Configurable password policy in Cassandra...

2016-12-23 Thread Prakash Chauhan 
Hello All,

In Apache Cassandra , there are no strict password policies for creating a new 
user.

A new user can be created with a password as simple as "abc" which is not at 
all recommended for production use.
Moreover the same password can be used again and again.

There should be a configurable password policy in Cassandra for creating new 
users.

Any thoughts on this 



Regards,
Prakash Chauhan.

Re: Kindly assign JIRA ticket CASSANDRA-12968 to me.

2016-12-23 Thread Michael Shuler 
Added you as a contributor and assigned.

-- 
Michael

On 12/23/2016 09:55 AM, Prakash Chauhan wrote:
> Hi All,
> 
> I have recently created a JIRA  ticket 
> https://issues.apache.org/jira/browse/CASSANDRA-12968 . Unfortunately  I am 
> not getting any option to assign it to myself.
> Can someone assign the ticket to me ?
> 
> Thanks...
> 
> Regards,
> Prakash Chauhan.
>

Kindly assign JIRA ticket CASSANDRA-12968 to me.

2016-12-23 Thread Prakash Chauhan 
Hi All,

I have recently created a JIRA  ticket 
https://issues.apache.org/jira/browse/CASSANDRA-12968 . Unfortunately  I am not 
getting any option to assign it to myself.
Can someone assign the ticket to me ?

Thanks...

Regards,
Prakash Chauhan.