cassandra-dev mailing list archives

From Jonathan Ellis <jbel...@gmail.com>
Subject Re: PHP Cassandra CQL driver
Date Tue, 29 Mar 2011 14:54:32 GMT
On Tue, Mar 29, 2011 at 9:41 AM, Courtney Robinson <sabco@live.co.uk> wrote:
> My suggestion as a means of heavily mitigating the damage of these attacks would be to
> only permit a single query at a time (i.e. remove the ';' token). Only trusted, administrative
> client applications (e.g. a GUI or console) should really permit issuing multiple queries
> like this. Such clients could decompose the queries into separate queries and issue them
> individually.

+1.

; should only be used to let an interactive interface know "that's
the end of my query."

-- 
Jonathan Ellis
Project Chair, Apache Cassandra
co-founder of DataStax, the source for professional Cassandra support
http://www.datastax.com
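
The split proposed in this thread, sketched as an added example (not code from the thread or from any Cassandra driver): the application-facing path rejects any ';' outside a string literal, while a trusted console decomposes its input and issues each statement on its own. The function names and the quoting rule (single-quoted literals, with '' as an escaped quote) are assumptions.

```python
class MultiStatementError(ValueError):
    """Raised when a query holds a ';' outside a string literal."""


def separator_positions(text):
    """Indexes of ';' outside single-quoted literals (quoting rule is assumed)."""
    positions, in_literal, i = [], False, 0
    while i < len(text):
        ch = text[i]
        if in_literal:
            if ch == "'":
                if text[i + 1:i + 2] == "'":
                    i += 1  # '' is an escaped quote: stay inside the literal
                else:
                    in_literal = False
        elif ch == "'":
            in_literal = True
        elif ch == ";":
            positions.append(i)
        i += 1
    if in_literal:
        # Refuse to guess where a literal ends; ambiguity is the risky case.
        raise ValueError("unterminated string literal")
    return positions


def require_single_statement(query):
    """Application path: no statement separator is accepted at all."""
    if separator_positions(query):
        raise MultiStatementError("';' is not accepted on this path")
    return query.strip()


def split_statements(script):
    """Trusted console path: decompose input into individually issued queries."""
    statements, start = [], 0
    for pos in separator_positions(script) + [len(script)]:
        stmt = script[start:pos].strip()
        if stmt:
            statements.append(stmt)
        start = pos + 1
    return statements


if __name__ == "__main__":
    # Constructed CQL-like input; the ';' inside 'a;b' is data, not a separator.
    typed = "UPDATE users SET 'note' = 'a;b' WHERE KEY = 'k1'; SELECT * FROM users;"
    for statement in split_statements(typed):
        print(require_single_statement(statement))
```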
