[
https://issues.apache.org/jira/browse/CASSANDRA-9889?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14641771#comment-14641771
]
Jonathan Ellis commented on CASSANDRA-9889:
-------------------------------------------
bq. Requiring that permission for script-UDFs would effectively always disable
the sandbox for them.
Well, it's acknowledging reality, which is that if you allow users to create
scripted UDFs then you need to trust them not to do something dumb.
> Disable scripted UDFs by default
> --------------------------------
>
> Key: CASSANDRA-9889
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9889
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Robert Stupp
> Assignee: Robert Stupp
> Priority: Minor
> Fix For: 3.0.0 rc1
>
>
> (Follow-up to CASSANDRA-9402)
> TL;DR this ticket is about to add an other config option to enable scripted
> UDFs.
> Securing Java-UDFs is much easier than scripted UDFs.
> The secure execution of scripted UDFs heavily relies on "how secure" a
> particular script provider implementation is. Nashorn is probably pretty good
> at this - but (as discussed offline with [~iamaleksey]) we are not certain.
> This becomes worse with other JSR-223 providers (which need to be installed
> by the user anyway).
> E.g.:
> {noformat}
> # Enables use of scripted UDFs.
> # Java UDFs are always enabled, if enable_user_defined_functions is true.
> # Enable this option to be able to use UDFs with "language javascript" or any
> custom JSR-223 provider.
> enable_scripted_user_defined_functions: false
> {noformat}
> TBH: I would feel more comfortable to have this one. But we should review
> this along with enable_user_defined_functions for 4.0.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)