cassandra-user mailing list archives

From Scott Andreas
Subject Re: UDF related question
Date Wed, 04 Apr 2018 05:36:05 GMT
Hi Kant,

A common pattern in sandboxing (semi-)untrusted code* in Java processes is to make use of
a SecurityManager
with an associated Policy.
These can be used to define a whitelist of packages permitted to be invoked by user code executed
in its context.

The implementation of ThreadAwareSecurityManager and SecurityThreadGroup might be helpful
as an example:

For Java-based UDF functions, see also the definition of the UDF bytecode verifier defined


* I say (semi-) as allowing users to define and execute code within a database process implies
a fairly high level of trust, and though guarded by a SecurityManager and bytecode verifier,
may not be a matter to be taken lightly depending on the level of security or tenant isolation
you require.

On Apr 3, 2018, at 7:13 PM, Kant Kodali

Hi All,

I was reading the article below and I was wondering how did one manage to block all I/O calls,
given that there is no bytecode instruction for I/O in Java; instead, all the I/O calls in
Java will go through the invokevirtual bytecode instruction. But this can call a C function that
just adds two numbers, right? So how can one block all I/O calls?
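
The thread-scoped SecurityManager pattern described in the reply above, as an added Java example that is not part of the original thread and is not Cassandra's code: the JDK's own I/O classes consult the installed manager before touching the file, so the same open succeeds on a trusted thread and is refused on a thread in the sandbox group. The class, group and file names are hypothetical, and it assumes JDK 8 through 17 (JDK 18 and later need `-Djava.security.manager=allow`, and JDK 24 disables the SecurityManager entirely).

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FilePermission;
import java.io.IOException;
import java.net.SocketPermission;
import java.security.Permission;

// Hypothetical demo class; not Cassandra's ThreadAwareSecurityManager.
public class ThreadScopedSandbox {
    // Threads created in this group are treated as running user-defined code.
    static final ThreadGroup UDF_GROUP = new ThreadGroup("udf-sandbox");

    static final class Manager extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            // Threads outside the UDF group are trusted and never restricted.
            if (!UDF_GROUP.parentOf(Thread.currentThread().getThreadGroup())) return;
            // java.io and java.net classes call in here before any native I/O,
            // so the check does not depend on which bytecode instruction was used.
            if (perm instanceof FilePermission || perm instanceof SocketPermission
                    || "setSecurityManager".equals(perm.getName())) {
                throw new SecurityException(perm.getName());
            }
        }
    }

    // Returns "read ok", "denied" or "io error" for an attempt to open the path.
    static String tryOpen(String path) {
        try (FileInputStream in = new FileInputStream(path)) {
            return "read ok";
        } catch (SecurityException e) {
            return "denied";
        } catch (IOException e) {
            return "io error";
        }
    }
    public static void main(String[] args) throws Exception {
        File sample = File.createTempFile("udf-demo", ".txt"); // constructed sample file
        sample.deleteOnExit();
        String path = sample.getPath();
        System.setSecurityManager(new Manager());
        String[] result = new String[1];
        System.out.println("trusted thread: " + tryOpen(path));
        Thread udf = new Thread(UDF_GROUP, () -> result[0] = tryOpen(path));
        udf.start();
        udf.join();
        System.out.println("sandbox thread: " + result[0]);
    }
}
```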

