Re: Configurable password policy in Cassandra...

2016-12-23 Thread Andy Cobley 
I’d like to take issue with this sentiment.  Whilst I can see the point, it is 
exactly this sort of attitude that leads to sites getting hacked.  You’re 
argument goes, if a site using Cassandra  loses 1million passwords it’s that 
sites admin that is to blame.  However, infosec aware developers will point out 
that if Cassandra enforced a strong password policy then the breach would not 
happen.  It’s this kind of thinking that leads to examples such  as:

https://www.hackread.com/hacker-leaks-36-million-mongodb-accounts/

Andy


On 23 Dec 2016, at 17:40, Vladimir Yudovin 
> wrote:

Hi,



actually Cassandra is not public  service like e-mail or social network. It's 
admin responsibility to create strong super password, and if there is front-end 
application allowing to users setting password such application can force 
password requirements.



Best regards, Vladimir Yudovin,

Winguzone - Cloud Cassandra Hosting






 On Fri, 23 Dec 2016 12:05:40 -0500 Prakash Chauhan 
prakash.chau...@ericsson.com wrote 





Hello All,



In Apache Cassandra , there are no strict password policies for creating a new 
user.



A new user can be created with a password as simple as "abc" which is not at 
all recommended for production use.

Moreover the same password can be used again and again.



There should be a configurable password policy in Cassandra for creating new 
users.



Any thoughts on this 







Regards,

Prakash Chauhan.

Re: CASSANDRA-12278

2016-09-03 Thread Andy Cobley 
Thanks Michael and Paulo,

Upon further investigation, this is NOT a cassandra problem but a Java 
installation problem.  The machine in questioned been upgraded from 1.8.0_20 ro 
1.8.0_101.  This had upgraded the PATH env variable (java -version from the 
command line pointed to java 1.8.0_101) but it had not upgraded the JAVA_HOME 
env variable.  That still pointed to the old version of java.

Cassandra-env.ps1 uses JAVA_HOME to set  JAVA_BIN env variable (line 297) .  Is 
it worth putting in a test to see if Java -version gives a different result to 
JAVA_HOME ?

Andy
> On 2 Sep 2016, at 21:00, Michael Shuler <mich...@pbandjelly.org> wrote:
> 
> On 09/02/2016 05:19 AM, Andy Cobley wrote:
>> However I’ve just tried  apache-cassandra-3.10-SNAPSHOT and am
>> still getting
>> 
>> "Cassandra 3.0 and later require Java 8u40 or later.”
> 
> What is the git sha of your 3.10-SNAPSHOT build?
> 
> I see this was committed to trunk Jul 27, so perhaps your build is
> older? If you are using something newer, maybe you could throw some
> `echo` statements on those new version checks in conf/cassandra-env.ps1
> to send some troubleshooting bits to stdout.
> 
> 
> commit 01d5fa8acf05973074482eda497677c161a311ac
> Author: Paulo Motta <pauloricard...@gmail.com>
> Date:   Wed Jul 27 11:41:17 2016 -0400
> 
>Fix Java Version check for versions > 100 on Windows (3.0 patch)
> 
>Patch by pmotta; reviewed by jmckenzie for CASSANDRA-12278
> 
> -- 
> Kind regards,
> Michael

CASSANDRA-12278

2016-09-02 Thread Andy Cobley 
HI all,

Cassandra-12278 is listed as resolved in 
3.0.9, 
3.8 .  
However I’ve just tried  apache-cassandra-3.10-SNAPSHOT and am still getting

"Cassandra 3.0 and later require Java 8u40 or later.”

My JVM is 1.8.0_101
Windows is Windows 7
Powershell is enabled

Can anyone confirm ?

Andy

Re: C* engine

2013-12-19 Thread Andy Cobley 
The question just as easily be asked, why not rewrite it in Erlang ?  Probably 
lots of advantages to be gained there, the ability to upgrade on the fly, 
native message passing, functional programming  paradigm ?

But as Brandon says, you would be throwing away so much work, would it be worth 
it ?

Andy


On 19 Dec 2013, at 19:22, Roman Vasilyev rvasil...@netflix.com wrote:

 Hello,
 
 Don't want to rise holy war. Just let me share my crazy thoughts.
 I believe it could improve Cassandra speed and robustness.
 
 What people will say if I propose to have Cassandra engine written in C/C++, 
 and this engine will give you ability to run extensions in Java, Groovy and 
 bunch other languages like Perl/Python/Ruby?
 
 I just want to understand for myself does this solution will be useful or I'm 
 looking in wrong direction?
 
 Thank you for reading.


The University of Dundee is a Scottish Registered Charity, No. SC015096.