[
https://issues.apache.org/jira/browse/CASSANDRA-9402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14640279#comment-14640279
]
Aleksey Yeschenko commented on CASSANDRA-9402:
----------------------------------------------
bq. Hm - thought we disable them in 2.2 (since experimental) and enable in 3.0
(since we have a sandbox)
The sandbox will need to pass the test of time first, before we can just enable
UDFs by default. FWIW, I've looked at the code - multiple times - and it seems
fine. But I wouldn't trust myself (obviously), Jake, you, or even all of us
combined, to get it 100% right on the first try.
The way I see it, for now, is that the sandbox makes enabling UDFs an easier
choice, by making it safer. But I would still strongly prefer them to be off by
default, at least until 4.0.
> Implement proper sandboxing for UDFs
> ------------------------------------
>
> Key: CASSANDRA-9402
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9402
> Project: Cassandra
> Issue Type: Task
> Reporter: T Jake Luciani
> Assignee: Robert Stupp
> Priority: Critical
> Labels: docs-impacting, security
> Fix For: 3.0 beta 1
>
> Attachments: 9402-warning.txt
>
>
> We want to avoid a security exploit for our users. We need to make sure we
> ship 2.2 UDFs with good defaults so someone exposing it to the internet
> accidentally doesn't open themselves up to having arbitrary code run.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
