Re: Configurable password policy in Cassandra...
You can write a patch for one, or create a custom authenticator implementation that would enforce this. They are pluggable after all, just like authorizer is.

-- AY

On 23 December 2016 at 20:06:19, Prakash Chauhan (prakash.chau...@ericsson.com) wrote:

Hello All,

In Apache Cassandra, there are no strict password policies for creating a new user. A new user can be created with a password as simple as "abc" which is not at all recommended for production use. Moreover the same password can be used again and again.

There should be a configurable password policy in Cassandra for creating new users.

Any thoughts on this?

Regards,
Prakash Chauhan.
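As an added illustration of the kind of check a custom pluggable implementation could enforce (not code from this thread or from the Cassandra project): a configurable policy covering the two gaps raised in the original message, trivially weak passwords and password reuse. The class name `PasswordPolicy`, its settings, the in-memory history and the use of PBKDF2 for history entries are all assumptions; wiring it into Cassandra's own interfaces is not shown.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical class, not part of Cassandra: a custom pluggable implementation
// would call check() before accepting a new password for a role.
public class PasswordPolicy {
    private final int minLength, minClasses, historySize; // the configurable settings
    // role -> recent {salt, hash} pairs; kept in memory here, an assumption for the example
    private final Map<String, Deque<byte[][]>> history = new HashMap<>();

    public PasswordPolicy(int minLength, int minClasses, int historySize) {
        this.minLength = minLength; this.minClasses = minClasses; this.historySize = historySize;
    }

    static byte[] hash(String pw, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw.toCharArray(), salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Returns the violations found; an empty list means accepted and recorded in history.
    public List<String> check(String role, String pw) throws Exception {
        List<String> errors = new ArrayList<>();
        if (pw.length() < minLength) errors.add("shorter than " + minLength + " characters");
        int classes = 0;
        if (pw.chars().anyMatch(Character::isLowerCase)) classes++;
        if (pw.chars().anyMatch(Character::isUpperCase)) classes++;
        if (pw.chars().anyMatch(Character::isDigit)) classes++;
        if (pw.chars().anyMatch(c -> !Character.isLetterOrDigit(c))) classes++;
        if (classes < minClasses) errors.add("uses fewer than " + minClasses + " character classes");
        if (!errors.isEmpty()) return errors; // skip the expensive hashing for rejects
        Deque<byte[][]> old = history.computeIfAbsent(role, r -> new ArrayDeque<>());
        for (byte[][] e : old) // re-hash with each stored salt, compare in constant time
            if (MessageDigest.isEqual(e[1], hash(pw, e[0]))) { errors.add("reuses a recent password"); return errors; }
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        old.addFirst(new byte[][] { salt, hash(pw, salt) });
        if (old.size() > historySize) old.removeLast(); // keep only the last N entries
        return errors;
    }

    public static void main(String[] args) throws Exception {
        PasswordPolicy policy = new PasswordPolicy(12, 3, 5); // constructed sample settings
        System.out.println(policy.check("alice", "abc"));                   // the thread's weak example
        System.out.println(policy.check("alice", "Corr3ct-horse-battery")); // first use of a longer password
        System.out.println(policy.check("alice", "Corr3ct-horse-battery")); // the same password again
    }
}
```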
Re: Configurable password policy in Cassandra...
I’d like to take issue with this sentiment. Whilst I can see the point, it is exactly this sort of attitude that leads to sites getting hacked. Your argument goes, if a site using Cassandra loses 1 million passwords it’s that site’s admin that is to blame. However, infosec-aware developers will point out that if Cassandra enforced a strong password policy then the breach would not happen. It’s this kind of thinking that leads to examples such as:

https://www.hackread.com/hacker-leaks-36-million-mongodb-accounts/

Andy

On 23 Dec 2016, at 17:40, Vladimir Yudovin <vla...@winguzone.com> wrote:

Hi,

actually Cassandra is not a public service like e-mail or a social network. It's the admin's responsibility to create a strong super password, and if there is a front-end application allowing users to set passwords, such an application can force password requirements.

Best regards,
Vladimir Yudovin,
Winguzone - Cloud Cassandra Hosting

On Fri, 23 Dec 2016 12:05:40 -0500 Prakash Chauhan prakash.chau...@ericsson.com wrote:

Hello All,

In Apache Cassandra, there are no strict password policies for creating a new user. A new user can be created with a password as simple as "abc" which is not at all recommended for production use. Moreover the same password can be used again and again.

There should be a configurable password policy in Cassandra for creating new users.

Any thoughts on this?

Regards,
Prakash Chauhan.
Re: Configurable password policy in Cassandra...
Hi,

actually Cassandra is not a public service like e-mail or a social network. It's the admin's responsibility to create a strong super password, and if there is a front-end application allowing users to set passwords, such an application can force password requirements.

Best regards,
Vladimir Yudovin,
Winguzone - Cloud Cassandra Hosting

On Fri, 23 Dec 2016 12:05:40 -0500 Prakash Chauhan prakash.chau...@ericsson.com wrote:

Hello All,

In Apache Cassandra, there are no strict password policies for creating a new user. A new user can be created with a password as simple as "abc" which is not at all recommended for production use. Moreover the same password can be used again and again.

There should be a configurable password policy in Cassandra for creating new users.

Any thoughts on this?

Regards,
Prakash Chauhan.
Configurable password policy in Cassandra...
Hello All,

In Apache Cassandra, there are no strict password policies for creating a new user. A new user can be created with a password as simple as "abc" which is not at all recommended for production use. Moreover the same password can be used again and again.

There should be a configurable password policy in Cassandra for creating new users.

Any thoughts on this?

Regards,
Prakash Chauhan.