Hemant Sambha

Reputation: 23

User Defined Functions Security Risk

I read that if I set enable_user_defined_functions to true in cassandra.yaml, then user-defined functions (UDFs) present a security risk, since they are executed on the server side. In Cassandra 3.0 and later, UDFs are executed in a sandbox to contain the execution of malicious code. They are disabled by default. My question is: are they executed in the sandbox after I set enable_user_defined_functions to true?

Upvotes: 1

Views: 181

Answers (1)

Chris Lohfink

Reputation: 16410

Unless you explicitly set enable_user_defined_functions_threads to false (which you really shouldn't do), the UDFs will be run asynchronously in a pool locked down with a limited security manager and a special class loader.

You should still only allow trusted sources for your UDF code though, in case there are security bugs.

Upvotes: 1
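
A config check for the two settings discussed in this thread, as an added example that is not part of the original question or answer. The defaults in the code follow what the thread states; the function names and the sample cassandra.yaml snippets are constructed for illustration.

```python
import re

# Defaults as described in the thread: UDFs are off unless enabled, and the
# UDF thread pool stays on unless it is explicitly set to false.
DEFAULTS = {
    "enable_user_defined_functions": False,
    "enable_user_defined_functions_threads": True,
}
TRUE, FALSE = {"true", "yes", "on"}, {"false", "no", "off"}
KEY_LINE = re.compile(r"^([A-Za-z0-9_]+)\s*:\s*(.*)$")

# Constructed sample snippets (not taken from a real cluster).
SAMPLE_SANDBOXED = "cluster_name: 'Test'\nenable_user_defined_functions: true  # on\n"
SAMPLE_NO_THREADS = (
    "enable_user_defined_functions: true\n"
    "enable_user_defined_functions_threads: false\n"
)
SAMPLE_COMMENTED = "# enable_user_defined_functions: true\n"


def read_flags(yaml_text):
    """Read the two top-level boolean settings from cassandra.yaml text."""
    flags = dict(DEFAULTS)
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        m = KEY_LINE.match(line)              # indented (nested) keys do not match
        if not m or m.group(1) not in flags:
            continue
        value = m.group(2).strip().lower()
        if value in TRUE:
            flags[m.group(1)] = True
        elif value in FALSE:
            flags[m.group(1)] = False
        else:
            raise ValueError(f"{m.group(1)}: not a boolean: {m.group(2)!r}")
    return flags


def audit(yaml_text):
    """Return (severity, message) for the UDF settings in the config."""
    flags = read_flags(yaml_text)
    if not flags["enable_user_defined_functions"]:
        return ("ok", "UDFs are disabled")
    if not flags["enable_user_defined_functions_threads"]:
        return ("high", "UDFs enabled with enable_user_defined_functions_threads: false")
    return ("review", "UDFs enabled in the locked-down pool; accept UDF code from trusted sources only")
```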
