[
https://issues.apache.org/jira/browse/CASSANDRA-9402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14558574#comment-14558574
]
Jonathan Ellis commented on CASSANDRA-9402:
-------------------------------------------
PG splits it up into two parts:
{{CREATE LANGUAGE}} and subsequently {{CREATE FUNCTION}}.
Creating an untrusted language always requires superuser mode. Once that is
done, creating functions in it requires nothing special.
Personally I would be fine with this approach, but I think it would be more
useful to have the extra permission on creating the function, and also wouldn't
require adding explicit {{CREATE LANGUAGE}}.
> Implement proper sandboxing for UDFs
> ------------------------------------
>
> Key: CASSANDRA-9402
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9402
> Project: Cassandra
> Issue Type: Task
> Reporter: T Jake Luciani
> Assignee: Robert Stupp
> Priority: Critical
> Labels: doc-impacting, security
> Fix For: 2.2.0 rc1
>
>
> We want to avoid a security exploit for our users. We need to make sure we
> ship 2.2 UDFs with good defaults so someone exposing it to the internet
> accidentally doesn't open themselves up to having arbitrary code run.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
