scylladb/docs
Nadav Har'El f76f6dbccb secondary index: avoid special characters in default index names
In CQL, table names are limited to so-called word characters (letters,
numbers and underscores), but column names don't have such a limitation.
When we create a secondary index, its default name is constructed from
the column name - so it can contain problematic characters. It can include
even the "/" character. The problem is that the index name is then used,
like a table name, to create a directory with that name.

The test included in this patch demonstrates that before this patch, this
can be misused to create subdirectories anywhere in the filesystem, or to
crash Scylla when it fails to create a directory (which it considers an
unrecoverable I/O error).

In this patch we do what Cassandra does - remove all non-word
characters from the indexed column name before constructing the default
index name. In the included test - which can run on both Scylla and
Cassandra - we verify that the constructed index name is the same as
in Cassandra, which is useful to know (e.g., because knowing the index
name is needed to DROP the index).

Also, this patch adds a second line of defense against the security problem
described above: It is now an error to create a schema with a slash or
null (the two characters not allowed in Unix filenames) in the keyspace
or table names. So if the first line of defense (CQL checking the validity
of its commands) fails, we'll have that second line of defense. I verified
that if I revert the default-index-name fix, the second line of defense
kicks in, and the index creation is aborted and cannot create files in
the wrong place to crash Scylla.

Fixes #3403

Signed-off-by: Nadav Har'El <nyh@scylladb.com>
Message-Id: <20220320162543.3091121-1-nyh@scylladb.com>
2022-03-20 18:33:48 +02:00
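The two defences the commit message describes, as an added Python example (not code from the patch or from Scylla): the first strips non-word characters from the column name before building the default index name, the second refuses any schema name that cannot be a single Unix path component. The `<table>_<column>_idx` layout and the ASCII-only reading of "word characters" are assumptions.

```python
import os
import re

# Characters a Unix file name cannot contain; a schema name carrying either must
# never reach the directory-creation code (the second line of defence).
FORBIDDEN_IN_NAMES = ("/", "\0")

# Word characters as the commit message defines them: letters, digits, underscore.
# re.ASCII pins this to [A-Za-z0-9_] even for non-ASCII column names (assumption).
NON_WORD = re.compile(r"\W", re.ASCII)


def strip_non_word(column: str) -> str:
    """First line of defence: drop every non-word character from a column name."""
    return NON_WORD.sub("", column)


def default_index_name(table: str, column: str) -> str:
    """Default secondary-index name built from the sanitised column name.
    The <table>_<column>_idx layout is assumed to match Cassandra's convention."""
    return f"{table}_{strip_non_word(column)}_idx"


def validate_schema_name(name: str) -> str:
    """Second line of defence: reject a keyspace/table/index name that contains a
    slash or NUL, so it can only ever name one directory entry. Returns the name
    unchanged when it is acceptable."""
    if not name:
        raise ValueError("empty schema name")
    for bad in FORBIDDEN_IN_NAMES:
        if bad in name:
            raise ValueError(f"schema name {name!r} contains forbidden character {bad!r}")
    return name


def plan_index_directory(data_dir: str, keyspace: str, table: str, column: str) -> str:
    """Apply both defences and return the directory that would be created for the
    index. Even if the sanitiser were bypassed, a name with '/' or NUL is refused
    here rather than being handed to the filesystem (where Scylla treats a failed
    mkdir as an unrecoverable I/O error)."""
    index_name = validate_schema_name(default_index_name(table, column))
    return os.path.join(data_dir, validate_schema_name(keyspace), index_name)


if __name__ == "__main__":
    # Constructed column names: a normal one and one that would have escaped the data directory.
    print(plan_index_directory("/var/lib/scylla/data", "ks", "users", "email"))
    print(plan_index_directory("/var/lib/scylla/data", "ks", "users", "../../etc/evil"))
```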

Scylla Developer Documentation

This documentation targets developers who are interested in contributing to the Scylla codebase.

Contents

  • Alternator - The open source DynamoDB-compatible API reference.
  • Design notes - Explanations describing how new features work for other contributors and exploratory research.
  • Guides - Instructions on how to build, run, test and debug the Scylla codebase.
  • Contribute - Guidelines on how to contribute and maintain the project.