cassandra-client-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Ellis <jbel...@gmail.com>
Subject Re: PHP Cassandra CQL driver
Date Tue, 29 Mar 2011 22:22:52 GMT
On Tue, Mar 29, 2011 at 5:00 PM, Eric Evans <eevans@rackspace.com> wrote:
>> My suggestion as a means of heavily mitigating the damage of these
>> attacks would be to only permit a single query at a time (i.e. remove
>> the ';' token).
>
> This is effectively the case.  The parser is run exactly once for each
> request and is only capable of parsing exactly one statement (no less,
> no more).  Terminating a query with ';' is allowed, but has no effect on
> this.

Batches allow multiple semicolon-delimited statements.

I think we'd need to have a separate cql_batch rpc method that took a
list of statements to solve this.  (I.e., begin/apply batch and the
semicolons would be strictly interactive markers that would be used to
break it up into the statements to send in that list.)

-- 
Jonathan Ellis
Project Chair, Apache Cassandra
co-founder of DataStax, the source for professional Cassandra support
http://www.datastax.com

Mime
View raw message