You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "T Jake Luciani (JIRA)" <ji...@apache.org> on 2015/05/15 19:43:01 UTC

[jira] [Commented] (CASSANDRA-9402) Verify default UDF config is secure

    [ https://issues.apache.org/jira/browse/CASSANDRA-9402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14545856#comment-14545856 ] 

T Jake Luciani commented on CASSANDRA-9402:
-------------------------------------------

We should also be sandboxing the code, restricting access to things like opening files and sockets http://www.jayway.com/2014/06/13/sandboxing-plugins-in-java/

> Verify default UDF config is secure
> -----------------------------------
>
>                 Key: CASSANDRA-9402
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9402
>             Project: Cassandra
>          Issue Type: Task
>            Reporter: T Jake Luciani
>            Assignee: Robert Stupp
>             Fix For: 2.2 rc1
>
>
> We want to avoid a security exploit for our users.  We need to make sure we ship 2.2 UDFs with good defaults so someone exposing it to the internet accidentally doesn't open themselves up to having arbitrary code run.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)