[ https://issues.apache.org/jira/browse/CASSANDRA-19734?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17864103#comment-17864103 ]
Stefan Miklosovic edited comment on CASSANDRA-19734 at 7/9/24 9:54 AM: ----------------------------------------------------------------------- [~frankgh] interesting idea about that Listener! OK let's put some POC together ... I ll let you know when I have some skeleton of that. It would be great if we cooperated on this. I just need to sit down and write something usable so we may start the first rounds of reviews and iterate on that. was (Author: smiklosovic): [~frankgh] interesting idea about that Listener! OK let's put some POC together ... I ll let you know when I have some skeleton of that. > Rate limiting per-node on failed log-in attempts > ------------------------------------------------ > > Key: CASSANDRA-19734 > URL: https://issues.apache.org/jira/browse/CASSANDRA-19734 > Project: Cassandra > Issue Type: New Feature > Components: CQL/Syntax, Feature/Authorization > Reporter: Stefan Miklosovic > Assignee: Stefan Miklosovic > Priority: Normal > Fix For: 5.x > > > If there is a malicious attacker who is brute-forcing passwords / usernames, > we should just ban such user for some time. On the other hand, we should > enable logging in for genuine users who just happened to provide invalid > passwords for multiple times, we do not want to ban these completely. > A rate limit might be something like "5 times per a minute". > This should be based on IP address of a client to identify the attacker. If > we based this on invalid passwords only, an attacker might just change the > usernames to bypass that. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org