Re: UDF related question

2018-04-03 Thread Scott Andreas 
Hi Kant,

A common pattern in sandboxing (semi-)untrusted code* in Java processes is to 
make use of a 
SecurityManager
 with an associated 
Policy. 
These can be used to define a whitelist of packages permitted to be invoked by 
user code executed in its context.

The implementation of ThreadAwareSecurityManager and SecurityThreadGroup might 
be helpful as an example:
– 
https://github.com/apache/cassandra/blob/cassandra-3.11/src/java/org/apache/cassandra/security/ThreadAwareSecurityManager.java
– 
https://github.com/apache/cassandra/blob/cassandra-3.11/src/java/org/apache/cassandra/security/SecurityThreadGroup.java

For Java-based UDF functions, see also the definition of the UDF bytecode 
verifier defined here:
– 
https://github.com/apache/cassandra/blob/cassandra-3.11/src/java/org/apache/cassandra/cql3/functions/JavaBasedUDFunction.java#L96-L136

---

* I say (semi-) as allowing users to define and execute code within a database 
process implies a fairly high level of trust, and though guarded by a 
SecurityManager and bytecode verifier, may not be a matter to be taken lightly 
depending on the level of security or tenant isolation you require.

On Apr 3, 2018, at 7:13 PM, Kant Kodali 
> wrote:

Hi All,

I was reading the article below and I was wondering how did one manage to block 
all I/O calls given that there is no byte code instruction for I/O in java 
instead all the I/O calls in java will go through invokevirtual byte code 
instruction. But this can call a C function that just add two numbers right. so 
how can one block all I/O calls?

Thanks!

https://www.datastax.com/dev/blog/user-defined-aggregations-with-spark-in-dse-5

UDF related question

2018-04-03 Thread Kant Kodali 
Hi All,

I was reading the article below and I was wondering how did one manage to
block all I/O calls given that there is no byte code instruction for I/O in
java instead all the I/O calls in java will go through *invokevirtual *byte
code instruction. But this can call a C function that just add two numbers
right. so how can one block all I/O calls?

Thanks!

https://www.datastax.com/dev/blog/user-defined-aggregations-with-spark-in-dse-5

Backup & Restore w/ AWS Blog Post

2018-04-03 Thread Jon Haddad 
Hey folks.  We (The Last Pickle) have helped a number of clients set up backup 
& restore on AWS over the last couple of years.  Alain has been working on a 
thorough blog post over the last several months to try to document pros, cons 
and techniques.  Hopefully it proves to be helpful to the community.  

http://thelastpickle.com/blog/2018/04/03/cassandra-backup-and-restore-aws-ebs.html
 


Jon

unsubscribe

2018-04-03 Thread Gerard O' Sullivan

Re: auto_bootstrap for seed node

2018-04-03 Thread kurt greaves 
Setting auto_bootstrap on seed nodes is unnecessary and irrelevant. If the
node is a seed it will ignore auto_bootstrap and it *will not* bootstrap.

On 28 March 2018 at 15:49, Ali Hubail  wrote:

> "it seems that we still need to keep bootstrap false?"
>
> Could you shed some light on what would happen if the auto_bootstrap is
> removed (or set to true as the default value) in the seed nodes of the
> newly added DC?
>
> What do you have in the seeds param of the new DC nodes (cassandra.yaml)?
> Do you reference the old DC seed nodes there as well?
>
> *Ali Hubail*
>
> Email: ali.hub...@petrolink.com | www.petrolink.com
> Confidentiality warning: This message and any attachments are intended
> only for the persons to whom this message is addressed, are confidential,
> and may be privileged. If you are not the intended recipient, you are
> hereby notified that any review, retransmission, conversion to hard copy,
> copying, modification, circulation or other use of this message and any
> attachments is strictly prohibited. If you receive this message in error,
> please notify the sender immediately by return email, and delete this
> message and any attachments from your system. Petrolink International
> Limited its subsidiaries, holding companies and affiliates disclaims all
> responsibility from and accepts no liability whatsoever for the
> consequences of any unauthorized person acting, or refraining from acting,
> on any information contained in this message. For security purposes, staff
> training, to assist in resolving complaints and to improve our customer
> service, email communications may be monitored and telephone calls may be
> recorded.
>
>
> *"Peng Xiao" <2535...@qq.com <2535...@qq.com>>*
>
> 03/28/2018 12:54 AM
> Please respond to
> user@cassandra.apache.org
>
> To
> "user" ,
>
> cc
> Subject
> Re:  auto_bootstrap for seed node
>
>
>
>
> We followed this https://docs.datastax.com/en/cassandra/2.1/cassandra/
> operations/ops_add_dc_to_cluster_t.html,
> but it does not mention that change bootstrap for seed nodes after the
> rebuild.
>
> Thanks,
> Peng Xiao
>
>
> -- Original --
> *From: * "Ali Hubail";
> *Date: * Wed, Mar 28, 2018 10:48 AM
> *To: * "user";
> *Subject: * Re: auto_bootstrap for seed node
>
> You might want to follow DataStax docs on this one:
>
> For adding a DC to an existing cluster:
> *https://docs.datastax.com/en/dse/5.1/dse-admin/datastax_enterprise/operations/opsAddDCToCluster.html*
> 
> For adding a new node to an existing cluster:
> *https://docs.datastax.com/en/dse/5.1/dse-admin/datastax_enterprise/operations/opsAddNodeToCluster.html*
> 
>
> briefly speaking,
> adding one node to an existing cluster --> use auto_bootstrap
> adding a DC to an existing cluster --> rebuild
>
> You need to check the version of c* that you're running, and make sure you
> pick the right doc version for that.
>
> Most of my colleagues miss very important steps while adding/removing
> nodes/cluster, but if they stick to the docs, they always get it done right.
>
> Hope this helps
>
> * Ali Hubail*
>
> Confidentiality warning: This message and any attachments are intended
> only for the persons to whom this message is addressed, are confidential,
> and may be privileged. If you are not the intended recipient, you are
> hereby notified that any review, retransmission, conversion to hard copy,
> copying, modification, circulation or other use of this message and any
> attachments is strictly prohibited. If you receive this message in error,
> please notify the sender immediately by return email, and delete this
> message and any attachments from your system. Petrolink International
> Limited its subsidiaries, holding companies and affiliates disclaims all
> responsibility from and accepts no liability whatsoever for the
> consequences of any unauthorized person acting, or refraining from acting,
> on any information contained in this message. For security purposes, staff
> training, to assist in resolving complaints and to improve our customer
> service, email communications may be monitored and telephone calls may be
> recorded.
>
> *"Peng Xiao" <2535...@qq.com <2535...@qq.com>>*
>
> 03/27/2018 09:39 PM
>
>
> Please respond to
> user@cassandra.apache.org
>
> To
> "user" ,
>
> cc
> Subject
> auto_bootstrap for seed node
>
>
>
>
>
>
> Dear All,
>
> For adding a new DC ,we need to set auto_bootstrap: false and then run the
> rebuild,finally we need to change auto_bootstrap: true,but for seed
> nodes,it seems that we still need to keep bootstrap false?
> Could anyone please confirm?
>
> Thanks,
> Peng Xiao
>

Re: Execute an external program

2018-04-03 Thread kurt greaves 
Correct. Note that both triggers and CDC aren't widely used yet so be sure
to test.

On 28 March 2018 at 13:02, Earl Lapus  wrote:

>
> On Wed, Mar 28, 2018 at 8:39 AM, Jeff Jirsa  wrote:
>
>> CDC may also work for newer versions, but it’ll happen after the mutation
>> is applied
>>
>> --
>> Jeff Jirsa
>>
>>
> "after the mutation is applied" means after the query is executed?
>
>