[jira] [Created] (CASSANDRA-15005) Configurable whilelist for UDFs

["A. Soroka (JIRA)" <ji...@apache.org>]

A. Soroka created CASSANDRA-15005:
-------------------------------------

             Summary: Configurable whilelist for UDFs
                 Key: CASSANDRA-15005
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15005
             Project: Cassandra
          Issue Type: Improvement
          Components: CQL/Interpreter
            Reporter: A. Soroka


I would like to use the UDF system to distribute some simple calculations on values. For some use cases, this would require access only to some Java API classes that aren't on the (hardcoded) whitelist (e.g. {{java.security.MessageDigest}}). In other cases, it would require access to a little non-C* library code, pre-distributed to nodes by out-of-band means.

As I understand the situation now, the whitelist for types UDFs can use is hardcoded in java in [UDFunction|[https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L99].]

This ticket, then, is a request for a facility that would allow that list to be extended via some kind of deployment-time configuration. I realize that serious security concerns immediately arise for this kind of functionality, but I hope that by restricting it (only used during startup, no exposing the whitelist for introspection, etc.) it could be quite practical.

I'd like very much to assist with this ticket if it is accepted. (I believe I have sufficient Java skill to do that, but no real familiarity with C*'s codebase, yet. :) )



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org