Return-Path: Delivered-To: apmail-cassandra-user-archive@www.apache.org Received: (qmail 75680 invoked from network); 28 Jun 2010 21:21:59 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 28 Jun 2010 21:21:59 -0000 Received: (qmail 46683 invoked by uid 500); 28 Jun 2010 21:21:58 -0000 Delivered-To: apmail-cassandra-user-archive@cassandra.apache.org Received: (qmail 46627 invoked by uid 500); 28 Jun 2010 21:21:57 -0000 Mailing-List: contact user-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@cassandra.apache.org Delivered-To: mailing list user@cassandra.apache.org Received: (qmail 46619 invoked by uid 99); 28 Jun 2010 21:21:57 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 Jun 2010 21:21:57 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of martygreenia@gmail.com designates 72.14.220.156 as permitted sender) Received: from [72.14.220.156] (HELO fg-out-1718.google.com) (72.14.220.156) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 Jun 2010 21:21:50 +0000 Received: by fg-out-1718.google.com with SMTP id 19so386498fgg.7 for ; Mon, 28 Jun 2010 14:20:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=F+fvfg5wiSQ1jvJ5vCFuTnqY8CHZ60lriLlCBdRwdPk=; b=Ey0TydULqRvGfkkpB4w5sc8ZC+koze7HD3xVPr7xrEXOx3vaOVSKDC61AfGRsokny5 4TdKSiaklVcQVa5V24edsqF23/qf5SZ+ENMeRIU3ifwja3Tb9mGMSkhpMUorS+8yIUhi UgyiWBWncDSf89rpWxQ8u6c5WNtsNLGheGwOY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=jjTkPF5FcLxeZpIXKRA+zz5oMEu++eB04LPZwdw/V1ENTRI51FvYg5WdtLaze2QVce ihKAWm9yk/6d0cY8WBqTbe1r9Q93ySca2Y09i63hMX58P7gl4/LMVjPmBT5FElYbiRgJ EODMomVy9RZNuhHy8UDCF5JVIbiSN2nPCZelk= MIME-Version: 1.0 Received: by 10.87.72.2 with SMTP id z2mr8038769fgk.29.1277760036585; Mon, 28 Jun 2010 14:20:36 -0700 (PDT) Received: by 10.86.23.11 with HTTP; Mon, 28 Jun 2010 14:20:36 -0700 (PDT) In-Reply-To: References: <5A4D71ACC2708E4BB1BD7B6F87E51C6B07FA3B27@sccorpmail01.mygazoo.com> Date: Mon, 28 Jun 2010 14:20:36 -0700 Message-ID: Subject: Re: Cassandra and Thrift on the Server Side From: Marty Greenia To: user@cassandra.apache.org Content-Type: multipart/alternative; boundary=001485f85dcc16c250048a1db192 X-Virus-Checked: Checked by ClamAV on apache.org --001485f85dcc16c250048a1db192 Content-Type: text/plain; charset=ISO-8859-1 I agree, it would probably make more sense to just use a conventional http server to interface with the browser clients on the front-end to act as a pass-through to cassandra on the back-end. No sense re-implementing all that functionality. Still, to Clint's point, everyone knows how to make an HTTP request. If you want a cassandra client running on, let's say, an iPhone for some reason, a REST API is going to be a lot more straight forward to implement. On Mon, Jun 28, 2010 at 1:53 PM, Paul Prescod wrote: > On Mon, Jun 28, 2010 at 1:45 PM, Marty Greenia > wrote: > > Would it ever be useful to someday have browser clients access cassandra > > servers directly? I imagine that would be the most compelling scenario to > > have REST API for. > > This is an interesting idea, but introduces quite a few security > complexities. Which keys will a particular browser client be allowed > to overwrite? What prevents an end-user from deleting your database > through AJAX calls? > > I think you'd need some form of ACL and access token system. That's a > lot of complexity. > > Paul Prescod > --001485f85dcc16c250048a1db192 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable I agree, it would probably make more sense to just use a conventional http = server to interface with the browser clients on the front-end to act as a p= ass-through to cassandra on the back-end. No sense re-implementing all that= functionality.

Still, to Clint's point, everyone knows how to make an HTTP request= . If you want a cassandra client running on, let's say, an iPhone for s= ome reason, a REST API is going to be a lot more straight forward to implem= ent.


On Mon, Jun 28, 2010 at 1:53 PM, Paul Pr= escod <paul@presco= d.net> wrote:
On Mon, Jun 28, 2010 at 1:45 PM, Marty Greenia <martygreenia@gmail.com> wrote: > Would it ever be useful to someday have browser clients access cassand= ra
> servers directly? I imagine that would be the most compelling scenario= to
> have REST API for.

This is an interesting idea, but introduces quite a few security
complexities. Which keys will a particular browser client be allowed
to overwrite? What prevents an end-user from deleting your database
through AJAX calls?

I think you'd need some form of ACL and access token system. That's= a
lot of complexity.

=A0Paul Prescod

--001485f85dcc16c250048a1db192--