[
https://issues.apache.org/jira/browse/CASSANDRA-19734?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17864103#comment-17864103
]
Stefan Miklosovic edited comment on CASSANDRA-19734 at 7/9/24 9:54 AM:
-----------------------------------------------------------------------
[~frankgh] interesting idea about that Listener! OK let's put some POC together
... I ll let you know when I have some skeleton of that.
It would be great if we cooperated on this. I just need to sit down and write
something usable so we may start the first rounds of reviews and iterate on
that.
was (Author: smiklosovic):
[~frankgh] interesting idea about that Listener! OK let's put some POC together
... I ll let you know when I have some skeleton of that.
> Rate limiting per-node on failed log-in attempts
> ------------------------------------------------
>
> Key: CASSANDRA-19734
> URL: https://issues.apache.org/jira/browse/CASSANDRA-19734
> Project: Cassandra
> Issue Type: New Feature
> Components: CQL/Syntax, Feature/Authorization
> Reporter: Stefan Miklosovic
> Assignee: Stefan Miklosovic
> Priority: Normal
> Fix For: 5.x
>
>
> If there is a malicious attacker who is brute-forcing passwords / usernames,
> we should just ban such user for some time. On the other hand, we should
> enable logging in for genuine users who just happened to provide invalid
> passwords for multiple times, we do not want to ban these completely.
> A rate limit might be something like "5 times per a minute".
> This should be based on IP address of a client to identify the attacker. If
> we based this on invalid passwords only, an attacker might just change the
> usernames to bypass that.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
