[ https://issues.apache.org/jira/browse/CASSANDRA-9402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14640308#comment-14640308 ]
Aleksey Yeschenko commented on CASSANDRA-9402: ---------------------------------------------- We could relax the constraint on Java UDFs sooner than that. Script-based sandboxing that we have is not exactly secure, though (and there are no easy ways to fix it that I see), so that will probably have to stay forever gated. > Implement proper sandboxing for UDFs > ------------------------------------ > > Key: CASSANDRA-9402 > URL: https://issues.apache.org/jira/browse/CASSANDRA-9402 > Project: Cassandra > Issue Type: Task > Reporter: T Jake Luciani > Assignee: Robert Stupp > Priority: Critical > Labels: docs-impacting, security > Fix For: 3.0 beta 1 > > Attachments: 9402-post-disable.txt, 9402-warning.txt > > > We want to avoid a security exploit for our users. We need to make sure we > ship 2.2 UDFs with good defaults so someone exposing it to the internet > accidentally doesn't open themselves up to having arbitrary code run. -- This message was sent by Atlassian JIRA (v6.3.4#6332)