cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Drew Kutcharian <d...@venarc.com>
Subject Possible design flaw in "Cassandra By Example" blog
Date Wed, 13 Apr 2011 22:07:58 GMT
Hi Everyone,

I was going thru Cassandra By Example Blog http://www.rackspace.com/cloud/blog/2010/05/12/cassandra-by-example/
and I had a question about the user sign up section:

username = 'jericevans'
password = '**********'
useruuid = str(uuid())
columns = {'id': useruuid, 'username': username, 'password': password}
USER.insert(useruuid, columns)
USERNAME.insert(username, {'id': useruuid})

How can I guarantee that USERNAME.insert(username, {'id': useruuid}) won't overwrite someone
else's account. What I mean is how can I guarantee that a user's username doesn't already
exist in Cassandra? I know I can check first, but in a highly concurrent environment, there's
a possibility that between USER.insert(useruuid, columns) and USERNAME.insert(username, {'id':
useruuid}) someone else does the same USERNAME.insert(username, {'id': useruuid}) and hijack
the user's account.

Seems like that USERNAME is something that the author has added since it's missing in original
Twissandra source code.

Thanks,

Drew


Mime
View raw message