[ https://issues.apache.org/jira/browse/CASSANDRA-9402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14640315#comment-14640315 ]
Sylvain Lebresne commented on CASSANDRA-9402:
---------------------------------------------

bq. But I would still strongly prefer them to be off by default, at least until 4.0.

I don't have a strong feeling and I'm fine with not defaulting them on for 3.0, though if we get more confident about this before 4.0, I don't think we should feel obliged to wait for a major version to make them on by default.

Anyway, just wanted to make sure we at least don't call them experimental anymore for 3.0. It's ok to say we prefer having it opt-in for now because we're not entirely confident on our protections and you should assert the risk for yourself, but "experimental" sounds like "don't use it in production it probably doesn't work".

> Implement proper sandboxing for UDFs
> ------------------------------------
>
> Key: CASSANDRA-9402
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9402
> Project: Cassandra
> Issue Type: Task
> Reporter: T Jake Luciani
> Assignee: Robert Stupp
> Priority: Critical
> Labels: docs-impacting, security
> Fix For: 3.0 beta 1
>
> Attachments: 9402-post-disable.txt, 9402-warning.txt
>
>
> We want to avoid a security exploit for our users. We need to make sure we
> ship 2.2 UDFs with good defaults so someone exposing it to the internet
> accidentally doesn't open themselves up to having arbitrary code run.