[ https://issues.apache.org/jira/browse/CASSANDRA-9402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14640279#comment-14640279 ]
Aleksey Yeschenko commented on CASSANDRA-9402: ---------------------------------------------- bq. Hm - thought we disable them in 2.2 (since experimental) and enable in 3.0 (since we have a sandbox) The sandbox will need to pass the test of time first, before we can just enable UDFs by default. FWIW, I've looked at the code - multiple times - and it seems fine. But I wouldn't trust myself (obviously), Jake, you, or even all of us combined, to get it 100% right on the first try. The way I see it, for now, is that the sandbox makes enabling UDFs an easier choice, by making it safer. But I would still strongly prefer them to be off by default, at least until 4.0. > Implement proper sandboxing for UDFs > ------------------------------------ > > Key: CASSANDRA-9402 > URL: https://issues.apache.org/jira/browse/CASSANDRA-9402 > Project: Cassandra > Issue Type: Task > Reporter: T Jake Luciani > Assignee: Robert Stupp > Priority: Critical > Labels: docs-impacting, security > Fix For: 3.0 beta 1 > > Attachments: 9402-warning.txt > > > We want to avoid a security exploit for our users. We need to make sure we > ship 2.2 UDFs with good defaults so someone exposing it to the internet > accidentally doesn't open themselves up to having arbitrary code run. -- This message was sent by Atlassian JIRA (v6.3.4#6332)