You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Robert Stupp (JIRA)" <ji...@apache.org> on 2015/07/24 15:14:05 UTC
[jira] [Commented] (CASSANDRA-9892) Add support for unsandboxed UDF
[ https://issues.apache.org/jira/browse/CASSANDRA-9892?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14640431#comment-14640431 ]
Robert Stupp commented on CASSANDRA-9892:
-----------------------------------------
I agree, having this using a syntax extension to CREATE FUNCTION is much nicer.
I'm a bit confused with the wording _(un)trusted_
Shouldn't it be CREATE TRUSTED instead of UNTRUSTED to bypass the sandbox and CREATE TRUSTED FUNCTION?
If I _trust_ a function, it can execute without being sandboxed.
When having this, I would remove the (then) superfluous, undocumented config option {{enable_user_defined_functions_threads}}.
> Add support for unsandboxed UDF
> -------------------------------
>
> Key: CASSANDRA-9892
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9892
> Project: Cassandra
> Issue Type: New Feature
> Reporter: Jonathan Ellis
> Assignee: Robert Stupp
> Priority: Minor
>
> From discussion on CASSANDRA-9402,
> The approach postgresql takes is to distinguish between "trusted" (sandboxed) and "untrusted" (anything goes) UDF languages.
> Creating an untrusted language always requires superuser mode. Once that is done, creating functions in it requires nothing special.
> Personally I would be fine with this approach, but I think it would be more useful to have the extra permission on creating the function, and also wouldn't require adding explicit CREATE LANGUAGE.
> So I'd suggest just providing different CQL permissions for trusted and untrusted, i.e. if you have CREATE FUNCTION permission that allows you to create sandboxed UDF, but you can only create unsandboxed if you have CREATE UNTRUSTED.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)