It only really makes sense for mutations.
On Mar 29, 2011 6:32 PM, "Courtney Robinson" <sa...@live.co.uk> wrote:
> Comments inline...
>
> On Tue, Mar 29, 2011 at 5:00 PM, Eric Evans <eev...@rackspace.com> wrote:
>>>> My suggestion as a means of heavily mitigating the damage of these
>>>> attacks would be to only permit a single query at a time (i.e. remove
>>>> the ';' token).
>>
>>> This is effectively the case. The parser is run exactly once for each
>>> request and is only capable of parsing exactly one statement (no less,
>>> no more). Terminating a query with ';' is allowed, but has no effect on
>>> this.
>
>>Batches allow multiple semicolon-delimited statements.
>>I think we'd need to have a separate cql_batch rpc method that took a
>>list of statements to solve this. (I.e., begin/apply batch and the
>>semicolons would be strictly interactive markers that would be used to
>>break it up into the statements to send in that list.)
>
> So effectively cql_batch accepts a list something like:
> List<Statement> batchStatments;
> cql_batch(batchStatments);
>
> where each Statement in the list is limited to exactly one... select or
> whatever ?
> Making it one call to the server but then each statement is processed
> separately...
>
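
A toy model of the design sketched in this thread, added here as an example and not code from Cassandra or from any poster: the server side parses exactly one statement per request (a trailing ';' is tolerated, a second statement is not), and a hypothetical cql_batch takes a list whose elements are each parsed on their own. split_statements plays the interactive client's role of breaking typed input on ';' outside single-quoted literals, so a ';' inside a string value stays data. The names execute_one, cql_batch, split_statements, statement_verb and the keyword sets are assumptions; the mutation-only rule in cql_batch follows the reply at the top of the thread.

```python
from typing import List

# Assumed keyword sets for this toy; not Cassandra's grammar.
MUTATIONS = {"INSERT", "UPDATE", "DELETE"}
READS = {"SELECT"}


class StatementError(ValueError):
    """Raised when input does not contain exactly one well-formed statement."""


def split_statements(text: str) -> List[str]:
    """Interactive-client helper: split on ';' that sits outside a '...' literal.

    A doubled quote ('') inside a literal is an escaped quote, not a terminator,
    so a ';' inside a string value never starts a new statement.
    """
    stmts: List[str] = []
    buf: List[str] = []
    in_str = False
    i = 0
    while i < len(text):
        ch = text[i]
        if in_str:
            buf.append(ch)
            if ch == "'":
                if i + 1 < len(text) and text[i + 1] == "'":
                    buf.append("'")   # escaped quote, stay inside the literal
                    i += 1
                else:
                    in_str = False
        elif ch == "'":
            in_str = True
            buf.append(ch)
        elif ch == ";":
            stmt = "".join(buf).strip()
            if stmt:                  # empty segments (";;" or a trailing ';') are dropped
                stmts.append(stmt)
            buf = []
        else:
            buf.append(ch)
        i += 1
    if in_str:
        raise StatementError("unterminated string literal")
    tail = "".join(buf).strip()
    if tail:
        stmts.append(tail)
    return stmts


def statement_verb(stmt: str) -> str:
    """Return the leading keyword, upper-cased ('' for an empty statement)."""
    head = stmt.split(None, 1)
    return head[0].upper() if head else ""


def execute_one(statement: str) -> str:
    """Server side: parse exactly one statement, no less and no more.

    A single trailing ';' is allowed; a second statement after a ';' is
    rejected rather than run.
    """
    parts = split_statements(statement)
    if len(parts) != 1:
        raise StatementError(f"expected exactly one statement, got {len(parts)}")
    verb = statement_verb(parts[0])
    if verb not in MUTATIONS | READS:
        raise StatementError(f"unknown statement type: {verb!r}")
    return f"ran {verb}"


def cql_batch(statements: List[str]) -> List[str]:
    """Hypothetical batch RPC: a list of statements, each parsed separately.

    Batching only makes sense for mutations, so a read in the list is
    rejected before anything is run.
    """
    for stmt in statements:
        if statement_verb(stmt) not in MUTATIONS:
            raise StatementError(f"only mutations may be batched: {stmt!r}")
    return [execute_one(s) for s in statements]


if __name__ == "__main__":
    # Constructed sample input: the ';' inside the literal is data, not a separator.
    typed = "INSERT INTO t (k, v) VALUES ('a', 'x; y'); UPDATE t SET v='b' WHERE k='a';"
    print(cql_batch(split_statements(typed)))
```

The interesting property is that the server never sees a separator at all: whatever the interactive client does with ';', the RPC carries a list, and each element goes through execute_one, which raises if it finds more than one statement.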
