You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Josh McKenzie (Jira)" <ji...@apache.org> on 2021/09/30 18:01:00 UTC

[jira] [Commented] (CASSANDRA-15005) Configurable whilelist for UDFs

    [ https://issues.apache.org/jira/browse/CASSANDRA-15005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17422947#comment-17422947 ] 

Josh McKenzie commented on CASSANDRA-15005:
-------------------------------------------

ping [~ajs6f] - did you end up using this in production in the interim? And would you like to pick this back up for a possible 4.1 release? I'm happy to take on review of this for you; just let me know.

> Configurable whilelist for UDFs
> -------------------------------
>
>                 Key: CASSANDRA-15005
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15005
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: CQL/Interpreter
>            Reporter: Adam Soroka
>            Priority: Low
>
> I would like to use the UDF system to distribute some simple calculations on values. For some use cases, this would require access only to some Java API classes that aren't on the (hardcoded) whitelist (e.g. {{java.security.MessageDigest}}). In other cases, it would require access to a little non-C* library code, pre-distributed to nodes by out-of-band means.
> As I understand the situation now, the whitelist for types UDFs can use is hardcoded in java in [UDFunction|[https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L99].]
> This ticket, then, is a request for a facility that would allow that list to be extended via some kind of deployment-time configuration. I realize that serious security concerns immediately arise for this kind of functionality, but I hope that by restricting it (only used during startup, no exposing the whitelist for introspection, etc.) it could be quite practical.
> I'd like very much to assist with this ticket if it is accepted. (I believe I have sufficient Java skill to do that, but no real familiarity with C*'s codebase, yet. :) )



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org