omniCoder77 opened a new pull request, #4596: URL: https://github.com/apache/cassandra/pull/4596
Validation is posted on [Jira Ticket](https://issues.apache.org/jira/browse/CASSANDRA-21139) **Feature suggestion:** Guardrail for miss-prepared statements **Description:** We have hundreds of application teams and several dozen of them miss-prepare statements by using literals instead of bind markers. I.e., ``` // wrong session.prepare("select * from users where ID = 996"); session.prepare("select * from users where ID = 997"); session.prepare("select * from users where ID = 998"); session.prepare("select * from users where ID = 999"); // correct session.prepare("select * from users where ID = ?"); ``` The problem causes the prepared statement cache to constantly overflow, and will print a prepared statements discarded WARN message in the Cassandra log. At present, we use a wack-a-mole approach to discuss the problem with each development team individually, and hope they fix it and train the entire team on how to prepare statements correctly. Also, finding the root cause of the issue today requires having the knowledge and access to look at the system.prepared_statements table. Guardrails would seem a good approach here, where the guard could WARN or REJECT when a statement was prepared using a WHERE clause and no bind markers. Note, this should not prevent users from creating prepared statements without a WHERE clause or with one or more literal values so long as there was at least one bind marker. Thus, the following would remain valid: ``` session.prepare("select * from users"); session.prepare("select * from users where TYPE=5 and ID = ?"); ``` **Approach:** Introduced a boolean flag `use_misprepare_statements_enabled` (which can be configured from `cassandra.yaml`) whose default value is true (backward compatibility) and added functions to `StorageServiceMBean` to enable dynamic runtime configuration. Added test cases to validate changes in `parseAndPrepare` function. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
