[
https://issues.apache.org/jira/browse/CASSANDRA-10039?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14704599#comment-14704599
]
Robert Stupp commented on CASSANDRA-10039:
------------------------------------------
Notes from offline discussion:
* Reason why we need that amount of "allowed" stuff for javascript value
serialization. Even if serialization is decoupled, scripts require access to
UDTValue and TupleValue and DataType, Codec and so on.
* Play with Nashorn's new {{ClassFilter}} thingy - it might be the solution.
* Try to decouple serialisation and deserialization from (sandboxed) script
execution.
* Require _create untrusted_ for other languages than javascript.
> Make UDF script sandbox more robust against Nashorn internal changes
> --------------------------------------------------------------------
>
> Key: CASSANDRA-10039
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10039
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Robert Stupp
> Assignee: Robert Stupp
> Fix For: 3.x
>
>
> {{UFPureScriptTest}} doesn't work against Java 1.8.0_25 but with recent
> versions (1.8.0_51 for example).
> Need to find a way to make this more robust against future Nashorn changes.
> /cc [~aweisberg]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
