On Tue, 2011-03-29 at 17:22 -0500, Jonathan Ellis wrote:
> >> My suggestion as a means of heavily mitigating the damage of these
> >> attacks would be to only permit a single query at a time (i.e.
> >> remove the ';' token).
> >
> > This is effectively the case. The parser is run exactly once for
It only really makes sense for mutations.
On Mar 29, 2011 6:32 PM, "Courtney Robinson" wrote:
> Comments inline...
>
> On Tue, Mar 29, 2011 at 5:00 PM, Eric Evans wrote:
My suggestion as a means of heavily mitigating the damage of these
attacks would be to only permit a single query at
Comments inline...
On Tue, Mar 29, 2011 at 5:00 PM, Eric Evans wrote:
My suggestion as a means of heavily mitigating the damage of these
attacks would be to only permit a single query at a time (i.e. remove
the ';' token).
This is effectively the case. The parser is run exactly once for eac
On Tue, Mar 29, 2011 at 5:00 PM, Eric Evans wrote:
>> My suggestion as a means of heavily mitigating the damage of these
>> attacks would be to only permit a single query at a time (i.e. remove
>> the ';' token).
>
> This is effectively the case. The parser is run exactly once for each
> request
On Tue, 2011-03-29 at 12:06 +0100, Nick Telford wrote:
> With regards to injection, I saw someone state "it's a red herring as
> it's a client concern". While this may be true, experience teaches us
> that pushing the responsibility to the client is dangerous due to the
> many implementations. At
I have to say I'm not a huge fan of reverse-engineering the interface,
especially not from the Java implementation. I think we'd be better off
using the other drivers (in particular, the python driver) as inspiration
and then craft an interface that fits in with PHP.
With regards to injection, I s
A c++ pdo would work great and easily integrate with thrift to make talking
back to cassandra easy. Also if this c++ core was made as a shared object then
php/python drivers could be simple wrappers that called into it, thus giving
CQL a c++, php and python driver all inheriting from the same c
On Tue, 2011-03-29 at 10:34 +0100, Courtney Robinson wrote:
> Firstly, has it already been taken into consideration that CQL
> implicitly means injections may become a problem?
It is only possible to submit one query at a time w/ CQL.
--
Eric Evans
eev...@rackspace.com
On Tue, Mar 29, 2011 at 9:41 AM, Courtney Robinson wrote:
> My suggestion as a means of heavily mitigating the damage of these attacks
> would be to only permit a single query at a time (i.e. remove the ';' token).
> Only trusted, administrative client applications (e.g. a GUI or console)
> sho
Great work, guys! Glad to see CQL picking up steam. I think it will be
a game-changer for adoption.
Hopefully!
Firstly, has it already been taken into consideration that CQL implicitly
means injections may become a problem?
Absolutely. The same best practices for a SQL driver apply:
parametr
@cassandra.apache.org ; client-...@cassandra.apache.org
Cc: Courtney Robinson
Subject: Re: PHP Cassandra CQL driver
I have to say I'm not a huge fan of reverse-engineering the interface,
especially not from the Java implementation. I think we'd be better off using
the other d
On Tue, Mar 29, 2011 at 4:34 AM, Courtney Robinson wrote:
> Okay, Dave Gardner, Nick Telford and myself met at the London Cassandra
> meetup.
> We were keen on getting a PHP CQL driver done and decided to use github while
> working on it.
Great work, guys! Glad to see CQL picking up steam. I th
Okay, Dave Gardner, Nick Telford and myself met at the London Cassandra meetup.
We were keen on getting a PHP CQL driver done and decided to use github while
working on it.
This mail is mainly to raise awareness of this as well as to ask a few
questions and throw a few things out there that came