cassandra-client-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Ellis <>
Subject Re: PHP Cassandra CQL driver
Date Tue, 29 Mar 2011 22:22:52 GMT
On Tue, Mar 29, 2011 at 5:00 PM, Eric Evans <> wrote:
>> My suggestion as a means of heavily mitigating the damage of these
>> attacks would be to only permit a single query at a time (i.e. remove
>> the ';' token).
> This is effectively the case.  The parser is run exactly once for each
> request and is only capable of parsing exactly one statement (no less,
> no more).  Terminating a query with ';' is allowed, but has no effect on
> this.

Batches allow multiple semicolon-delimited statements.

I think we'd need to have a separate cql_batch rpc method that took a
list of statements to solve this.  (I.e., begin/apply batch and the
semicolons would be strictly interactive markers that would be used to
break it up into the statements to send in that list.)

Jonathan Ellis
Project Chair, Apache Cassandra
co-founder of DataStax, the source for professional Cassandra support

View raw message