cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aleksey Yeschenko (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-9402) Implement proper sandboxing for UDFs
Date Fri, 24 Jul 2015 10:41:05 GMT


Aleksey Yeschenko commented on CASSANDRA-9402:

bq. Hm - thought we disable them in 2.2 (since experimental) and enable in 3.0 (since we have
a sandbox)

The sandbox will need to pass the test of time first, before we can just enable UDFs by default.
FWIW, I've looked at the code - multiple times - and it seems fine. But I wouldn't trust myself
(obviously), Jake, you, or even all of us combined, to get it 100% right on the first try.

The way I see it, for now, is that the sandbox makes enabling UDFs an easier choice, by making
it safer. But I would still strongly prefer them to be off by default, at least until 4.0.

> Implement proper sandboxing for UDFs
> ------------------------------------
>                 Key: CASSANDRA-9402
>                 URL:
>             Project: Cassandra
>          Issue Type: Task
>            Reporter: T Jake Luciani
>            Assignee: Robert Stupp
>            Priority: Critical
>              Labels: docs-impacting, security
>             Fix For: 3.0 beta 1
>         Attachments: 9402-warning.txt
> We want to avoid a security exploit for our users.  We need to make sure we ship 2.2
UDFs with good defaults so someone exposing it to the internet accidentally doesn't open themselves
up to having arbitrary code run.

This message was sent by Atlassian JIRA

View raw message