Jenkins build became unstable: Cassandra-Coverage #16

2011-03-29 Thread Apache Hudson Server
See

Build failed in Jenkins: Cassandra #818

2011-03-29 Thread Apache Hudson Server
See Changes:
[eevans] allow but do not require semicolon in batch updates Patch by eevans
[eevans] allow exactly one PRIMARY KEY definition Patch by eevans
[eevans] CQL support for typed keys Patch by eevans
--

Re: PHP Cassandra CQL driver

2011-03-29 Thread Eric Evans
On Tue, 2011-03-29 at 17:22 -0500, Jonathan Ellis wrote:
> >> My suggestion as a means of heavily mitigating the damage of these
> >> attacks would be to only permit a single query at a time (i.e.
> >> remove the ';' token).
> >
> > This is effectively the case. The parser is run exactly once for

Re: PHP Cassandra CQL driver

2011-03-29 Thread Jonathan Ellis
It only really makes sense for mutations.

On Mar 29, 2011 6:32 PM, "Courtney Robinson" wrote:
> Comments inline...
>
> On Tue, Mar 29, 2011 at 5:00 PM, Eric Evans wrote: My suggestion as a means of heavily mitigating the damage of these attacks would be to only permit a single query at

Re: PHP Cassandra CQL driver

2011-03-29 Thread Courtney Robinson
Comments inline... On Tue, Mar 29, 2011 at 5:00 PM, Eric Evans wrote: My suggestion as a means of heavily mitigating the damage of these attacks would be to only permit a single query at a time (i.e. remove the ';' token). This is effectively the case. The parser is run exactly once for eac

Re: PHP Cassandra CQL driver

2011-03-29 Thread Jonathan Ellis
On Tue, Mar 29, 2011 at 5:00 PM, Eric Evans wrote:
>> My suggestion as a means of heavily mitigating the damage of these
>> attacks would be to only permit a single query at a time (i.e. remove
>> the ';' token).
>
> This is effectively the case.  The parser is run exactly once for each
> request

Re: PHP Cassandra CQL driver

2011-03-29 Thread Eric Evans
On Tue, 2011-03-29 at 12:06 +0100, Nick Telford wrote:
> With regards to injection, I saw someone state "it's a red herring as
> it's a client concern". While this may be true, experience teaches us
> that pushing the responsibility to the client is dangerous due to the
> many implementations. At

Build failed in Jenkins: Cassandra #816

2011-03-29 Thread Apache Hudson Server
See Changes:
[jbellis] merge validateKey/validateKeyType, add CF validation to cql, add comparator to cql name validation. fixes test NPE. patch by jbellis
[jbellis] disallow querying a counter CF with non-counter operation patch by

Re: PHP Cassandra CQL driver

2011-03-29 Thread Nick Telford
I have to say I'm not a huge fan of reverse-engineering the interface, especially not from the Java implementation. I think we'd be better off using the other drivers (in particular, the python driver) as inspiration and then craft an interface that fits in with PHP. With regards to injection, I s

Re: PHP Cassandra CQL driver

2011-03-29 Thread Jake Farrell
A c++ pdo would work great and easily integrate with thrift to make talking back to cassandra easy. Also if this c++ core was made as a shared object then php/python drivers could be simple wrappers that called into it, thus giving CQL a c++, php and python driver all inheriting from the same c

Re: PHP Cassandra CQL driver

2011-03-29 Thread Eric Evans
On Tue, 2011-03-29 at 10:34 +0100, Courtney Robinson wrote:
> Firstly, has it already been taken into consideration that CQL
> implicitly means injections may become a problem?

It is only possible to submit one query at a time w/ CQL.

--
Eric Evans
eev...@rackspace.com

Re: PHP Cassandra CQL driver

2011-03-29 Thread Jonathan Ellis
On Tue, Mar 29, 2011 at 9:41 AM, Courtney Robinson wrote:
> My suggestion as a means of heavily mitigating the damage of these attacks
> would be to only permit a single query at a time (i.e. remove the ';' token).
> Only trusted, administrative client applications (e.g. a GUI or console)
> sho

Re: PHP Cassandra CQL driver

2011-03-29 Thread Courtney Robinson
Great work, guys! Glad to see CQL picking up steam. I think it will be a game-changer for adoption. Hopefully! Firstly, has it already been taken into consideration that CQL implicitly means injections may become a problem? Absolutely. The same best practices for a SQL driver apply: parametr

Re: PHP Cassandra CQL driver

2011-03-29 Thread Courtney Robinson
This is the last post on the dev list, moving over to client-dev Agreed on the reverse eng. of the java driver. Dave has done some classes/interfaces based off the python version. He’s going to commit them when he gets a chance. From: Nick Telford Sent: Tuesday, March 29, 2011 12:06 PM To: dev@

Re: PHP Cassandra CQL driver

2011-03-29 Thread Jonathan Ellis
On Tue, Mar 29, 2011 at 4:34 AM, Courtney Robinson wrote:
> Okay, Dave Gardner, Nick Telford and myself met at the London Cassandra
> meetup.
> We were keen on getting a PHP CQL driver done and decided to use github while
> working on it.

Great work, guys! Glad to see CQL picking up steam. I th

PHP Cassandra CQL driver

2011-03-29 Thread Courtney Robinson
Okay, Dave Gardner, Nick Telford and myself met at the London Cassandra meetup. We were keen on getting a PHP CQL driver done and decided to use github while working on it. This mail is mainly to raise awareness of this as well as to ask a few questions and throw a few things out there that came