[
https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14273638#comment-14273638
]
Aleksey Yeschenko commented on CASSANDRA-8303:
----------------------------------------------
bq. Authorization is about allowing configurable limits on what people can and
cannot do and UNPREPARED_STATEMENTS fits that as much as any other restriction
we're discussing here as far as I can tell.
IMO authorization is about limiting access to resources (tables and functions).
Adding limits on different ways to access them (filtering, indexes, multigets,
batches) is a stretch and a hack, but I'm willing to let it happen, simply
because of their destructive potential. Prepared vs. unprepared is almost a
protocol level detail, is not a distinction that the authorization subsystem
should ever be aware of.
That there was a conceptual issue. I also highly doubt the usefulness of it -
non-prepared statements don't have a destructive potential, and you often want
to use them (from cqlsh, for one, and for one-off queries that you don't reuse
anyway).
So to me it both doesn't fit conceptually and is rather useless in itself.
> Provide "strict mode" for CQL Queries
> -------------------------------------
>
> Key: CASSANDRA-8303
> URL: https://issues.apache.org/jira/browse/CASSANDRA-8303
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Anupam Arora
> Fix For: 3.0
>
>
> Please provide a "strict mode" option in cassandra that will kick out any CQL
> queries that are expensive, e.g. any query with ALLOWS FILTERING,
> multi-partition queries, secondary index queries, etc.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
