[CASSANDRA-19734] Rate limiting per-node on failed log-in attempts - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: In Progress
Priority: Normal
Resolution: Unresolved
Fix Version/s: 5.x
Component/s: CQL/Syntax, Feature/Authorization
Labels:
None

Change Category:
Operability
Complexity:
Normal
Platform:

All
Impacts:

None

Description

If there is a malicious attacker who is brute-forcing passwords / usernames, we should just ban such user for some time. On the other hand, we should enable logging in for genuine users who just happened to provide invalid passwords for multiple times, we do not want to ban these completely.

A rate limit might be something like "5 times per a minute".

This should be based on IP address of a client to identify the attacker. If we based this on invalid passwords only, an attacker might just change the usernames to bypass that.

Attachments

Activity

People

Assignee:: Stefan Miklosovic

Reporter:: Stefan Miklosovic

Authors:: Stefan Miklosovic

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 28/Jun/24 14:30

Updated:: 28/Aug/24 15:05