[CASSANDRA-11097] Idle session timeout for secure environments - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Low
Resolution: Fixed
Fix Version/s: 4.0-alpha1, 4.0
Component/s: Legacy/CQL
Labels:
- lhf
- ponies

Complexity:
Low Hanging Fruit
Source Control Link:

https://github.com/apache/cassandra/commit/0240a4659d761f06f94f8cd97097f2d0ad2d220c
Test and Documentation Plan:

Hide

Patch is relatively small. Tests are integrated in the patch. Additional testing is possible from the side of java (or python) drivers.

Show
Patch is relatively small. Tests are integrated in the patch. Additional testing is possible from the side of java (or python) drivers.

Description

A thread on the user list pointed out that some use cases may prefer to have a database disconnect sessions after some idle timeout. An example would be an administrator who connected via ssh+cqlsh and then walked away. Disconnecting that user and forcing it to re-authenticate could protect against unauthorized access.

It seems like it may be possible to do this using a netty IdleStateHandler in a way that's low risk and perhaps off by default.

Attachments

Activity

People

Assignee:: Alex Petrov

Reporter:: Jeff Jirsa

Authors:: Alex Petrov

Reviewers:: Aleksey Yeschenko

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 29/Jan/16 20:20

Updated:: 15/May/20 08:00

Resolved:: 10/Jul/19 21:07