[ https://issues.apache.org/jira/browse/CASSANDRA-11097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15235749#comment-15235749 ]
Jeff Jirsa edited comment on CASSANDRA-11097 at 4/11/16 7:21 PM:
-----------------------------------------------------------------

[~jasobrown] Oracle does this per-user / per-user-profile server side, and perhaps a similar logic makes sense for Cassandra via CASSANDRA-8303 (ponies territory, perhaps) so that applications can have long-lived idle connections, but administrators are logged out if idle:

{code}
alter profile analyst limit
  connect_time 180000
  sessions_per_user 2
  idle_time 1800;
{code}

was (Author: jjirsa):
[~jasobrown] Oracle does this per-user / per-user-profile server side, and perhaps a similar logic makes sense for Cassandra (getting into ponies territory, perhaps) so that applications can have long-lived idle connections, but administrators are logged out if idle:

{code}
alter profile analyst limit
  connect_time 180000
  sessions_per_user 2
  idle_time 1800;
{code}

> Idle session timeout for secure environments
> --------------------------------------------
>
>                 Key: CASSANDRA-11097
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11097
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Jeff Jirsa
>            Priority: Minor
>              Labels: lhf, ponies
>
> A thread on the user list pointed out that some use cases may prefer to have
> a database disconnect sessions after some idle timeout. An example would be
> an administrator who connected via ssh+cqlsh and then walked away.
> Disconnecting that user and forcing it to re-authenticate could protect
> against unauthorized access.
> It seems like it may be possible to do this using a netty
> {{IdleStateHandler}} in a way that's low risk and perhaps off by default.
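An added sketch of the idle-timeout idea from the issue description, built on Netty 4's {{IdleStateHandler}}; it is not code from this ticket or from Cassandra. The class names and the {{idleTimeoutSeconds}} setting are hypothetical, and the initializer is assumed to be registered through {{ServerBootstrap.childHandler}}.

```java
import io.netty.channel.ChannelDuplexHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.timeout.IdleState;
import io.netty.handler.timeout.IdleStateEvent;
import io.netty.handler.timeout.IdleStateHandler;

/** Hypothetical initializer: drops client connections that stay idle past a configured limit. */
public class IdleTimeoutInitializer extends ChannelInitializer<SocketChannel> {
    // Assumed setting, not a real Cassandra option; 0 keeps the feature off by default.
    private final int idleTimeoutSeconds;

    public IdleTimeoutInitializer(int idleTimeoutSeconds) {
        this.idleTimeoutSeconds = idleTimeoutSeconds;
    }

    @Override
    protected void initChannel(SocketChannel ch) {
        if (idleTimeoutSeconds <= 0) {
            return; // disabled: long-lived idle application connections are left alone
        }
        // Raise an ALL_IDLE event when nothing is read or written for the whole window.
        ch.pipeline().addLast("idleState", new IdleStateHandler(0, 0, idleTimeoutSeconds));
        // Must sit after the IdleStateHandler so the event reaches it.
        ch.pipeline().addLast("idleClose", new CloseOnIdle());
        // The protocol decoders and request handlers would be added after this point.
    }

    /** Closes the channel on idle, so the client has to reconnect and re-authenticate. */
    static final class CloseOnIdle extends ChannelDuplexHandler {
        @Override
        public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
            if (evt instanceof IdleStateEvent
                    && ((IdleStateEvent) evt).state() == IdleState.ALL_IDLE) {
                ctx.close();
            } else {
                super.userEventTriggered(ctx, evt); // pass unrelated events down the pipeline
            }
        }
    }
}
```

A per-role variant, as in the Oracle profile quoted above, would add the two handlers only after authentication, once the connection's role is known.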