incubator-cassandra-user mailing list archives

From Nate McCall <n...@datastax.com>
Subject Re: CQL injection attacks?
Date Thu, 30 Jun 2011 19:20:26 GMT
The CQL drivers are all still sitting on top of the execute_cql_query
Thrift API method for now.

On Wed, Jun 29, 2011 at 2:12 PM,  <dnallsopp@taz.qinetiq.com> wrote:
>
> Someone asked a while ago whether Cassandra was vulnerable to injection attacks:
>
> http://stackoverflow.com/questions/5998838/nosql-injection-php-phpcassa-cassandra
>
> With Thrift, the answer was 'no'.
>
> With CQL, presumably the situation is different, at least until prepared
> statements are possible (CASSANDRA-2475)?
>
> Has there been any discussion on this already that someone could point me to,
> please? I couldn't see anything on JIRA (searching for CQL AND injection, CQL
> AND security, etc).
>
> Thanks.
>
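
The difference the question points at, as an added example that is not part of the original messages and not code from any Cassandra driver: with CQL the client sends the whole statement as text (via execute_cql_query), so a value spliced in unescaped can be read as query syntax. The table and column names, the sample values and the small lexer are constructed for illustration, and the quoting helper assumes CQL's rule that a single quote inside a string literal is written as two single quotes.

```python
import re

def naive_query(user_key):
    # Pattern at risk: the value is pasted straight into the query text.
    return "SELECT * FROM users WHERE KEY = '" + user_key + "'"

def quote_cql_string(value):
    # Assumed CQL literal rule: single-quoted, embedded quote written twice.
    return "'" + value.replace("'", "''") + "'"

def escaped_query(user_key):
    # Same statement, but the value is turned into a literal before splicing.
    return "SELECT * FROM users WHERE KEY = " + quote_cql_string(user_key)

# Tiny lexer for this demo only: a quoted literal (with '' escapes),
# a run of other non-space characters, or a stray unmatched quote.
TOKEN = re.compile(r"'(?:[^']|'')*'|[^\s']+|'")

def string_literals(query):
    """Decode every complete string literal found in the query text."""
    return [t[1:-1].replace("''", "'")
            for t in TOKEN.findall(query)
            if len(t) >= 2 and t[0] == "'" and t[-1] == "'"]

def value_stays_data(query, value):
    """True only if the value arrived intact as the query's single literal,
    i.e. none of its characters were lexed as query syntax."""
    tokens = TOKEN.findall(query)
    return string_literals(query) == [value] and "'" not in tokens

# Constructed inputs: a plain key, a name with an apostrophe, and a value
# that closes the literal early and appends another clause.
SAMPLES = ["jsmith", "o'brien", "jsmith' AND col = 'x"]

def compare(samples=SAMPLES):
    """For each sample: (value, naive query keeps it as data, escaped does)."""
    return [(s,
             value_stays_data(naive_query(s), s),
             value_stays_data(escaped_query(s), s)) for s in samples]

if __name__ == "__main__":
    for s, naive_ok, escaped_ok in compare():
        print(f"{s!r:26} naive={naive_ok}  escaped={escaped_ok}")
```

Client-side quoting is the stopgap here; with prepared statements the value is bound separately and never becomes part of the query text.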
