cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan Ellis (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-9889) Disable scripted UDFs by default
Date Mon, 03 Aug 2015 21:36:04 GMT


Jonathan Ellis commented on CASSANDRA-9889:

I could be missing something, but I'm not a huge fan of adding config switches that replicate
limited pieces of authz functionality.  Isn't this config switch the equivalent of "don't
grant EXECUTE TRUSTED to anyone?"

> Disable scripted UDFs by default
> --------------------------------
>                 Key: CASSANDRA-9889
>                 URL:
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Robert Stupp
>            Assignee: Robert Stupp
>            Priority: Minor
>             Fix For: 3.0.0 rc1
> (Follow-up to CASSANDRA-9402)
> TL;DR this ticket is about to add an other config option to enable scripted UDFs.
> Securing Java-UDFs is much easier than scripted UDFs.
> The secure execution of scripted UDFs heavily relies on "how secure" a particular script
provider implementation is. Nashorn is probably pretty good at this - but (as discussed offline
with [~iamaleksey]) we are not certain. This becomes worse with other JSR-223 providers (which
need to be installed by the user anyway).
> E.g.:
> {noformat}
> # Enables use of scripted UDFs.
> # Java UDFs are always enabled, if enable_user_defined_functions is true.
> # Enable this option to be able to use UDFs with "language javascript" or any custom
JSR-223 provider.
> enable_scripted_user_defined_functions: false
> {noformat}
> TBH: I would feel more comfortable to have this one. But we should review this along
with enable_user_defined_functions for 4.0.

This message was sent by Atlassian JIRA

View raw message