[ https://issues.apache.org/jira/browse/CASSANDRA-9889?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14652564#comment-14652564 ]
Jonathan Ellis commented on CASSANDRA-9889: ------------------------------------------- I could be missing something, but I'm not a huge fan of adding config switches that replicate limited pieces of authz functionality. Isn't this config switch the equivalent of "don't grant EXECUTE TRUSTED to anyone?" > Disable scripted UDFs by default > -------------------------------- > > Key: CASSANDRA-9889 > URL: https://issues.apache.org/jira/browse/CASSANDRA-9889 > Project: Cassandra > Issue Type: Improvement > Reporter: Robert Stupp > Assignee: Robert Stupp > Priority: Minor > Fix For: 3.0.0 rc1 > > > (Follow-up to CASSANDRA-9402) > TL;DR this ticket is about to add an other config option to enable scripted > UDFs. > Securing Java-UDFs is much easier than scripted UDFs. > The secure execution of scripted UDFs heavily relies on "how secure" a > particular script provider implementation is. Nashorn is probably pretty good > at this - but (as discussed offline with [~iamaleksey]) we are not certain. > This becomes worse with other JSR-223 providers (which need to be installed > by the user anyway). > E.g.: > {noformat} > # Enables use of scripted UDFs. > # Java UDFs are always enabled, if enable_user_defined_functions is true. > # Enable this option to be able to use UDFs with "language javascript" or any > custom JSR-223 provider. > enable_scripted_user_defined_functions: false > {noformat} > TBH: I would feel more comfortable to have this one. But we should review > this along with enable_user_defined_functions for 4.0. -- This message was sent by Atlassian JIRA (v6.3.4#6332)