cassandra-client-dev mailing list archives

From Courtney Robinson <>
Subject Re: PHP Cassandra CQL driver
Date Tue, 29 Mar 2011 23:32:37 GMT
Comments inline...

On Tue, Mar 29, 2011 at 5:00 PM, Eric Evans <> wrote:
>>> My suggestion as a means of heavily mitigating the damage of these
>>> attacks would be to only permit a single query at a time (i.e. remove
>>> the ';' token).
>> This is effectively the case.  The parser is run exactly once for each
>> request and is only capable of parsing exactly one statement (no less,
>> no more).  Terminating a query with ';' is allowed, but has no effect on
>> this.

>Batches allow multiple semicolon-delimited statements.
>I think we'd need to have a separate cql_batch rpc method that took a
>list of statements to solve this.  (I.e., begin/apply batch and the
>semicolons would be strictly interactive markers that would be used to
>break it up into the statements to send in that list.)

So effectively cql_batch accepts a list something like:
List<Statement> batchStatments;

where each Statement in the list is limited to exactly one... select or
whatever?
Making it one call to the server but then each statement is processed 

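The list-of-statements idea discussed in the message above, as an added example that is not part of the original thread or of Cassandra's code: a batch call that takes a list and rejects any element that is not exactly one statement. The names `cql_batch`, `count_statements` and `MultipleStatementsError` are hypothetical, and the scanner assumes only single-quoted string literals with `''` as the escaped quote (comments and other quoting are not handled).

```python
class MultipleStatementsError(ValueError):
    """Raised when one batch element does not hold exactly one statement."""

def count_statements(cql):
    """Count statements, splitting on ';' only outside '...' string literals."""
    count, in_string, has_content, i = 0, False, False, 0
    while i < len(cql):
        ch = cql[i]
        if in_string:
            if ch == "'":
                if cql[i + 1:i + 2] == "'":
                    i += 1            # '' is an escaped quote, stay in the literal
                else:
                    in_string = False
        elif ch == "'":
            in_string = has_content = True
        elif ch == ";":
            count += has_content      # empty segments (";;", trailing ";") are not statements
            has_content = False
        elif not ch.isspace():
            has_content = True
        i += 1
    if in_string:
        raise ValueError("unterminated string literal")
    return count + has_content

def cql_batch(statements):
    """Hypothetical list-taking batch call: returns the statements it would send."""
    accepted = []
    for index, stmt in enumerate(statements):
        found = count_statements(stmt)
        if found != 1:
            raise MultipleStatementsError(
                f"element {index} holds {found} statements, expected exactly 1")
        accepted.append(stmt.strip().rstrip(";").rstrip())
    return accepted

# Constructed sample input (not from the thread).
GOOD = ["UPDATE users SET 'name' = 'a;b' WHERE KEY = 'u1';",
        "DELETE FROM users WHERE KEY = 'u2'"]
BAD = ["UPDATE users SET 'name' = 'x' WHERE KEY = 'u1'; TRUNCATE users"]

if __name__ == "__main__":
    print(cql_batch(GOOD))
    try:
        cql_batch(BAD)
    except MultipleStatementsError as exc:
        print("rejected:", exc)
```

With this shape the semicolon is never a delimiter on the wire: a `;` inside a quoted value stays data, and a second statement smuggled into one element fails validation instead of being executed.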