Re: "SQL" Injection C* (via CQL & Thrift)

2013-06-20 Thread Edward Capriolo
My first interaction with cassandra: ../nodeprobe -p 9160 ... Hmm, I can't seem to reach it :) Oh, it's no longer running... You've come a long way, baby.
On Thu, Jun 20, 2013 at 12:59 PM, Robert Coli wrote:
> On Thu, Jun 20, 2013 at 2:15 AM, aaron morton wrote:
>> As for the thrift side (i.e.

Re: "SQL" Injection C* (via CQL & Thrift)

2013-06-20 Thread Robert Coli
On Thu, Jun 20, 2013 at 2:15 AM, aaron morton wrote:
>> As for the thrift side (i.e. using Hector or Astyanax), anyone have a crafty way to inject something?
>
> The only thing I've ever heard of coming close was a thrift bug that allowed a malformed request to crash the server. But that wa

Re: "SQL" Injection C* (via CQL & Thrift)

2013-06-20 Thread aaron morton

Re: "SQL" Injection C* (via CQL & Thrift)

2013-06-18 Thread Brian O'Neill
From: Sylvain Lebresne
Date: Tuesday, June 18, 2013 8:51 AM
To: "user@cassandra.apache.org"
Subject: Re: "SQL" Injection C* (via CQL & Thrift)
> If you're not careful, then "CQL injection" is possible. Say you n

Re: "SQL" Injection C* (via CQL & Thrift)

2013-06-18 Thread Sylvain Lebresne
If you're not careful, then "CQL injection" is possible. Say you naively build your query with "UPDATE foo SET col='" + user_input + "' WHERE key = 'k'"; then if user_input is "foo' AND col2='bar", your user will have overwritten a column it shouldn't have been able to. And something equivalent in

"SQL" Injection C* (via CQL & Thrift)

2013-06-18 Thread Brian O'Neill
Mostly for fun, I wanted to throw this out there... We are undergoing a security audit for our platform (C* + Elastic Search + Storm). One component of that audit is susceptibility to SQL injection. I was wondering if anyone has attempted to construct a SQL injection attack against Cassandra? I