[jira] [Commented] (CASSANDRA-15005) Configurable whilelist for UDFs
[ https://issues.apache.org/jira/browse/CASSANDRA-15005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17443392#comment-17443392 ] Adam Soroka commented on CASSANDRA-15005: - Far from using this in production, I'm afraid I'm not even involved with that project very much any more. It has been more than two years, after all. Nevertheless, I'm happy to try to respond to review comments, just to get some closure on this. > Configurable whilelist for UDFs > --- > > Key: CASSANDRA-15005 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15005 > Project: Cassandra > Issue Type: Improvement > Components: CQL/Interpreter >Reporter: Adam Soroka >Priority: Low > > I would like to use the UDF system to distribute some simple calculations on > values. For some use cases, this would require access only to some Java API > classes that aren't on the (hardcoded) whitelist (e.g. > {{java.security.MessageDigest}}). In other cases, it would require access to > a little non-C* library code, pre-distributed to nodes by out-of-band means. > As I understand the situation now, the whitelist for types UDFs can use is > hardcoded in java in > [UDFunction|[https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L99].] > This ticket, then, is a request for a facility that would allow that list to > be extended via some kind of deployment-time configuration. I realize that > serious security concerns immediately arise for this kind of functionality, > but I hope that by restricting it (only used during startup, no exposing the > whitelist for introspection, etc.) it could be quite practical. > I'd like very much to assist with this ticket if it is accepted. (I believe I > have sufficient Java skill to do that, but no real familiarity with C*'s > codebase, yet. :) ) -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-15005) Configurable whilelist for UDFs
[ https://issues.apache.org/jira/browse/CASSANDRA-15005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16838578#comment-16838578 ] A. Soroka commented on CASSANDRA-15005: --- Okay, [~jmeredithco], thanks for clarifying! I figured it would land in 4.x, just not sure what that means in terms of time. > Configurable whilelist for UDFs > --- > > Key: CASSANDRA-15005 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15005 > Project: Cassandra > Issue Type: Improvement > Components: CQL/Interpreter >Reporter: A. Soroka >Priority: Low > > I would like to use the UDF system to distribute some simple calculations on > values. For some use cases, this would require access only to some Java API > classes that aren't on the (hardcoded) whitelist (e.g. > {{java.security.MessageDigest}}). In other cases, it would require access to > a little non-C* library code, pre-distributed to nodes by out-of-band means. > As I understand the situation now, the whitelist for types UDFs can use is > hardcoded in java in > [UDFunction|[https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L99].] > This ticket, then, is a request for a facility that would allow that list to > be extended via some kind of deployment-time configuration. I realize that > serious security concerns immediately arise for this kind of functionality, > but I hope that by restricting it (only used during startup, no exposing the > whitelist for introspection, etc.) it could be quite practical. > I'd like very much to assist with this ticket if it is accepted. (I believe I > have sufficient Java skill to do that, but no real familiarity with C*'s > codebase, yet. :) ) -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-15005) Configurable whilelist for UDFs
[ https://issues.apache.org/jira/browse/CASSANDRA-15005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16837426#comment-16837426 ] A. Soroka commented on CASSANDRA-15005: --- Hi, [~jmeredithco]. I've been following the few conversations on the dev@ list, but I haven't been able to get a sense of when/how we might be able to get this reviewed and merged. Do you have any sense of the timing for a 4.0 release (which is what I am assuming, perhaps wrongly, is what will unstick things)? > Configurable whilelist for UDFs > --- > > Key: CASSANDRA-15005 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15005 > Project: Cassandra > Issue Type: Improvement > Components: CQL/Interpreter >Reporter: A. Soroka >Priority: Low > > I would like to use the UDF system to distribute some simple calculations on > values. For some use cases, this would require access only to some Java API > classes that aren't on the (hardcoded) whitelist (e.g. > {{java.security.MessageDigest}}). In other cases, it would require access to > a little non-C* library code, pre-distributed to nodes by out-of-band means. > As I understand the situation now, the whitelist for types UDFs can use is > hardcoded in java in > [UDFunction|[https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L99].] > This ticket, then, is a request for a facility that would allow that list to > be extended via some kind of deployment-time configuration. I realize that > serious security concerns immediately arise for this kind of functionality, > but I hope that by restricting it (only used during startup, no exposing the > whitelist for introspection, etc.) it could be quite practical. > I'd like very much to assist with this ticket if it is accepted. (I believe I > have sufficient Java skill to do that, but no real familiarity with C*'s > codebase, yet. :) ) -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-15005) Configurable whilelist for UDFs
[ https://issues.apache.org/jira/browse/CASSANDRA-15005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16808074#comment-16808074 ] A. Soroka commented on CASSANDRA-15005: --- I'm not sure whether I'll be using it before a release, because I plan to use it experimentally this spring, but I don't know when there will be a new Cassandra release. (Soon I hope! :grin:) Production use of this feature would be many, many months away for me. I can't imagine that happening before a release, but I know very little about the larger schedule. > Configurable whilelist for UDFs > --- > > Key: CASSANDRA-15005 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15005 > Project: Cassandra > Issue Type: Improvement > Components: CQL/Interpreter >Reporter: A. Soroka >Priority: Low > > I would like to use the UDF system to distribute some simple calculations on > values. For some use cases, this would require access only to some Java API > classes that aren't on the (hardcoded) whitelist (e.g. > {{java.security.MessageDigest}}). In other cases, it would require access to > a little non-C* library code, pre-distributed to nodes by out-of-band means. > As I understand the situation now, the whitelist for types UDFs can use is > hardcoded in java in > [UDFunction|[https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L99].] > This ticket, then, is a request for a facility that would allow that list to > be extended via some kind of deployment-time configuration. I realize that > serious security concerns immediately arise for this kind of functionality, > but I hope that by restricting it (only used during startup, no exposing the > whitelist for introspection, etc.) it could be quite practical. > I'd like very much to assist with this ticket if it is accepted. (I believe I > have sufficient Java skill to do that, but no real familiarity with C*'s > codebase, yet. :) ) -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-15005) Configurable whilelist for UDFs
[ https://issues.apache.org/jira/browse/CASSANDRA-15005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16807101#comment-16807101 ] A. Soroka commented on CASSANDRA-15005: --- [~jmeredithco], I finally had a chance to start on this. I've got a branch at [https://github.com/apache/cassandra/compare/trunk...ajs6f:CASSANDRA-15005-trunk?expand=1] and it currently is different from yours only a little bit: it is based off {{trunk}}, I modified your code just a bit to differentiate another error condition and used the Stream API a little more than did you, I added a simple unit test and a bit of text for {{doc/source/cql/functions.rst}}. I hope this is useful-- this is my first attempt to contribute, so please do correct me when you have time! I look forward to learning. > Configurable whilelist for UDFs > --- > > Key: CASSANDRA-15005 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15005 > Project: Cassandra > Issue Type: Improvement > Components: CQL/Interpreter >Reporter: A. Soroka >Priority: Low > > I would like to use the UDF system to distribute some simple calculations on > values. For some use cases, this would require access only to some Java API > classes that aren't on the (hardcoded) whitelist (e.g. > {{java.security.MessageDigest}}). In other cases, it would require access to > a little non-C* library code, pre-distributed to nodes by out-of-band means. > As I understand the situation now, the whitelist for types UDFs can use is > hardcoded in java in > [UDFunction|[https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L99].] > This ticket, then, is a request for a facility that would allow that list to > be extended via some kind of deployment-time configuration. I realize that > serious security concerns immediately arise for this kind of functionality, > but I hope that by restricting it (only used during startup, no exposing the > whitelist for introspection, etc.) it could be quite practical. > I'd like very much to assist with this ticket if it is accepted. (I believe I > have sufficient Java skill to do that, but no real familiarity with C*'s > codebase, yet. :) ) -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-15005) Configurable whilelist for UDFs
[ https://issues.apache.org/jira/browse/CASSANDRA-15005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16793710#comment-16793710 ] A. Soroka commented on CASSANDRA-15005: --- [~jmeredithco] I just realized that your branch being from the 3.0 line means it runs up against the code freeze for that branch. I didn't understand what you meant by writing "I'm also not sure what version this could land in with the current freeze on trunk." but now I see that there's a problem there. I can try rewriting this patch for {{trunk/4.0}} if you think that would be feasible/better? > Configurable whilelist for UDFs > --- > > Key: CASSANDRA-15005 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15005 > Project: Cassandra > Issue Type: Improvement > Components: CQL/Interpreter >Reporter: A. Soroka >Priority: Low > > I would like to use the UDF system to distribute some simple calculations on > values. For some use cases, this would require access only to some Java API > classes that aren't on the (hardcoded) whitelist (e.g. > {{java.security.MessageDigest}}). In other cases, it would require access to > a little non-C* library code, pre-distributed to nodes by out-of-band means. > As I understand the situation now, the whitelist for types UDFs can use is > hardcoded in java in > [UDFunction|[https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L99].] > This ticket, then, is a request for a facility that would allow that list to > be extended via some kind of deployment-time configuration. I realize that > serious security concerns immediately arise for this kind of functionality, > but I hope that by restricting it (only used during startup, no exposing the > whitelist for introspection, etc.) it could be quite practical. > I'd like very much to assist with this ticket if it is accepted. (I believe I > have sufficient Java skill to do that, but no real familiarity with C*'s > codebase, yet. :) ) -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-15005) Configurable whilelist for UDFs
[ https://issues.apache.org/jira/browse/CASSANDRA-15005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16793660#comment-16793660 ] A. Soroka commented on CASSANDRA-15005: --- Ok, cool, thanks [~jmeredithco]! I'll take a crack at adding another test or two to {{CustomFunctionCqlTest}} just to make sure I can, then once I think I understand what's going on I can try and add something for the docs. Sound like a useful way to spend time until the 23rd? > Configurable whilelist for UDFs > --- > > Key: CASSANDRA-15005 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15005 > Project: Cassandra > Issue Type: Improvement > Components: CQL/Interpreter >Reporter: A. Soroka >Priority: Low > > I would like to use the UDF system to distribute some simple calculations on > values. For some use cases, this would require access only to some Java API > classes that aren't on the (hardcoded) whitelist (e.g. > {{java.security.MessageDigest}}). In other cases, it would require access to > a little non-C* library code, pre-distributed to nodes by out-of-band means. > As I understand the situation now, the whitelist for types UDFs can use is > hardcoded in java in > [UDFunction|[https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L99].] > This ticket, then, is a request for a facility that would allow that list to > be extended via some kind of deployment-time configuration. I realize that > serious security concerns immediately arise for this kind of functionality, > but I hope that by restricting it (only used during startup, no exposing the > whitelist for introspection, etc.) it could be quite practical. > I'd like very much to assist with this ticket if it is accepted. (I believe I > have sufficient Java skill to do that, but no real familiarity with C*'s > codebase, yet. :) ) -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-15005) Configurable whilelist for UDFs
[ https://issues.apache.org/jira/browse/CASSANDRA-15005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16793632#comment-16793632 ] A. Soroka commented on CASSANDRA-15005: --- I'm really glad to see that, because I would have had to find out about those idioms for testing and so forth the hard way. But I'm not quite sure how the {{CustomFcts}} get connected into CQL. Or have I been misunderstanding the whole time and you haven't been proposing a design in which {{CREATE FUNCTION}} would be used at all, instead a design where the custom functions would just appear in any keyspace alongside built-ins like the ones in {{TimeFcts}}? > Configurable whilelist for UDFs > --- > > Key: CASSANDRA-15005 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15005 > Project: Cassandra > Issue Type: Improvement > Components: CQL/Interpreter >Reporter: A. Soroka >Priority: Low > > I would like to use the UDF system to distribute some simple calculations on > values. For some use cases, this would require access only to some Java API > classes that aren't on the (hardcoded) whitelist (e.g. > {{java.security.MessageDigest}}). In other cases, it would require access to > a little non-C* library code, pre-distributed to nodes by out-of-band means. > As I understand the situation now, the whitelist for types UDFs can use is > hardcoded in java in > [UDFunction|[https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L99].] > This ticket, then, is a request for a facility that would allow that list to > be extended via some kind of deployment-time configuration. I realize that > serious security concerns immediately arise for this kind of functionality, > but I hope that by restricting it (only used during startup, no exposing the > whitelist for introspection, etc.) it could be quite practical. > I'd like very much to assist with this ticket if it is accepted. (I believe I > have sufficient Java skill to do that, but no real familiarity with C*'s > codebase, yet. :) ) -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-15005) Configurable whilelist for UDFs
[ https://issues.apache.org/jira/browse/CASSANDRA-15005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16793044#comment-16793044 ] A. Soroka commented on CASSANDRA-15005: --- Hello, [~jmeredithco]! I think I might have a bit of time myself in the next few weeks to look at this. If nothing else, I can get more familiarity with the C* codebase. Do you have any suggestions or advice (or warnings!)? I was thinking that we could try something like a list in {{cassandra.yaml}} of Java types, a la: {code:yaml} extraWhitelistedUDFs: com.my.company.cassandra.functions.myCoolFunc com.my.company.cassandra.functions.myOtherFunc {code} Then I could change {{UDFunction}} to use that list in addition to the white/blacklists already in {{UDFunction}} to determine whether a {{CREATE FUNCTION}} is "kosher" or not. Does that sound like a reasonable way to set off? Thanks! > Configurable whilelist for UDFs > --- > > Key: CASSANDRA-15005 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15005 > Project: Cassandra > Issue Type: Improvement > Components: CQL/Interpreter >Reporter: A. Soroka >Priority: Low > > I would like to use the UDF system to distribute some simple calculations on > values. For some use cases, this would require access only to some Java API > classes that aren't on the (hardcoded) whitelist (e.g. > {{java.security.MessageDigest}}). In other cases, it would require access to > a little non-C* library code, pre-distributed to nodes by out-of-band means. > As I understand the situation now, the whitelist for types UDFs can use is > hardcoded in java in > [UDFunction|[https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L99].] > This ticket, then, is a request for a facility that would allow that list to > be extended via some kind of deployment-time configuration. I realize that > serious security concerns immediately arise for this kind of functionality, > but I hope that by restricting it (only used during startup, no exposing the > whitelist for introspection, etc.) it could be quite practical. > I'd like very much to assist with this ticket if it is accepted. (I believe I > have sufficient Java skill to do that, but no real familiarity with C*'s > codebase, yet. :) ) -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-15005) Configurable whilelist for UDFs
[ https://issues.apache.org/jira/browse/CASSANDRA-15005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16777994#comment-16777994 ] A. Soroka commented on CASSANDRA-15005: --- Marvelous, [~jmeredithco]! I would be happy to help any way I can, just ping me here or on-list. Thanks! > Configurable whilelist for UDFs > --- > > Key: CASSANDRA-15005 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15005 > Project: Cassandra > Issue Type: Improvement > Components: CQL/Interpreter >Reporter: A. Soroka >Priority: Minor > > I would like to use the UDF system to distribute some simple calculations on > values. For some use cases, this would require access only to some Java API > classes that aren't on the (hardcoded) whitelist (e.g. > {{java.security.MessageDigest}}). In other cases, it would require access to > a little non-C* library code, pre-distributed to nodes by out-of-band means. > As I understand the situation now, the whitelist for types UDFs can use is > hardcoded in java in > [UDFunction|[https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L99].] > This ticket, then, is a request for a facility that would allow that list to > be extended via some kind of deployment-time configuration. I realize that > serious security concerns immediately arise for this kind of functionality, > but I hope that by restricting it (only used during startup, no exposing the > whitelist for introspection, etc.) it could be quite practical. > I'd like very much to assist with this ticket if it is accepted. (I believe I > have sufficient Java skill to do that, but no real familiarity with C*'s > codebase, yet. :) ) -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-15005) Configurable whilelist for UDFs
[ https://issues.apache.org/jira/browse/CASSANDRA-15005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16773173#comment-16773173 ] A. Soroka commented on CASSANDRA-15005: --- Hi, [~jmeredithco], thanks very much for checking in! Do I understand the distinction you're making to be that between: # UDFs, for which C* is responsible for parsing syntax, developing JVM bytecode, and distributing the resulting executable function, and # functions-via-distributed-JARs, in which the _client_ is responsible for all of those things, and the CQL end of things would just entail a mapping between a fresh CQL function name and a Java method reference (or something like that) ? If so, then definitely yes, the latter would resolve my use case deliciously. I'm after the ability to distribute lightweight computations next to my data, and I'm happy to organize the management of that process from the client-side; I don't need or even want to make C* do that work for me. Did I understand you correctly (I hope!)? > Configurable whilelist for UDFs > --- > > Key: CASSANDRA-15005 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15005 > Project: Cassandra > Issue Type: Improvement > Components: CQL/Interpreter >Reporter: A. Soroka >Priority: Minor > > I would like to use the UDF system to distribute some simple calculations on > values. For some use cases, this would require access only to some Java API > classes that aren't on the (hardcoded) whitelist (e.g. > {{java.security.MessageDigest}}). In other cases, it would require access to > a little non-C* library code, pre-distributed to nodes by out-of-band means. > As I understand the situation now, the whitelist for types UDFs can use is > hardcoded in java in > [UDFunction|[https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L99].] > This ticket, then, is a request for a facility that would allow that list to > be extended via some kind of deployment-time configuration. I realize that > serious security concerns immediately arise for this kind of functionality, > but I hope that by restricting it (only used during startup, no exposing the > whitelist for introspection, etc.) it could be quite practical. > I'd like very much to assist with this ticket if it is accepted. (I believe I > have sufficient Java skill to do that, but no real familiarity with C*'s > codebase, yet. :) ) -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-15005) Configurable whilelist for UDFs
[ https://issues.apache.org/jira/browse/CASSANDRA-15005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16772050#comment-16772050 ] A. Soroka commented on CASSANDRA-15005: --- Thank you for the response [~cscotta]. I've only gotten as far as beginning to set up C* in my IDE, so I'm afraid I haven't done much. Perhaps that's good, though, because if [~jmeredithco] is also interested in this, I do not want to tread on toes or redo someone else's work. I'll wait to hear from him. > Configurable whilelist for UDFs > --- > > Key: CASSANDRA-15005 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15005 > Project: Cassandra > Issue Type: Improvement > Components: CQL/Interpreter >Reporter: A. Soroka >Priority: Minor > > I would like to use the UDF system to distribute some simple calculations on > values. For some use cases, this would require access only to some Java API > classes that aren't on the (hardcoded) whitelist (e.g. > {{java.security.MessageDigest}}). In other cases, it would require access to > a little non-C* library code, pre-distributed to nodes by out-of-band means. > As I understand the situation now, the whitelist for types UDFs can use is > hardcoded in java in > [UDFunction|[https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L99].] > This ticket, then, is a request for a facility that would allow that list to > be extended via some kind of deployment-time configuration. I realize that > serious security concerns immediately arise for this kind of functionality, > but I hope that by restricting it (only used during startup, no exposing the > whitelist for introspection, etc.) it could be quite practical. > I'd like very much to assist with this ticket if it is accepted. (I believe I > have sufficient Java skill to do that, but no real familiarity with C*'s > codebase, yet. :) ) -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Created] (CASSANDRA-15005) Configurable whilelist for UDFs
A. Soroka created CASSANDRA-15005: - Summary: Configurable whilelist for UDFs Key: CASSANDRA-15005 URL: https://issues.apache.org/jira/browse/CASSANDRA-15005 Project: Cassandra Issue Type: Improvement Components: CQL/Interpreter Reporter: A. Soroka I would like to use the UDF system to distribute some simple calculations on values. For some use cases, this would require access only to some Java API classes that aren't on the (hardcoded) whitelist (e.g. {{java.security.MessageDigest}}). In other cases, it would require access to a little non-C* library code, pre-distributed to nodes by out-of-band means. As I understand the situation now, the whitelist for types UDFs can use is hardcoded in java in [UDFunction|[https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L99].] This ticket, then, is a request for a facility that would allow that list to be extended via some kind of deployment-time configuration. I realize that serious security concerns immediately arise for this kind of functionality, but I hope that by restricting it (only used during startup, no exposing the whitelist for introspection, etc.) it could be quite practical. I'd like very much to assist with this ticket if it is accepted. (I believe I have sufficient Java skill to do that, but no real familiarity with C*'s codebase, yet. :) ) -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org