cassieq icon indicating copy to clipboard operation
cassieq copied to clipboard

Published 20 hours ago verified publisher icon paradoxical-io

Non-atomic update in addNewKey

Open lucasbru opened this issue 7 years ago • 3 comments

In the file: cassieq/core/src/main/java/io/paradoxical/cassieq/admin/resources/api/v1/AccountResource.java

The addNewKey operation is not safe for concurrent addition of keys - one will overwrite the other. For example, two clients inserting a key (one inserts, 581, indented one inserts 536).

SELECT keys FROM account WHERE account = ‘webapp’ 
             SELECT keys FROM account WHERE account = ‘webapp’ 
UPDATE account SET keys = {102, 581} WHERE account = ‘webapp’
             UPDATE account SET keys = {102, 536} WHERE account = ‘webapp’

It should instead use the set addition operator:

UPDATE account SET keys = keys + {581} WHERE account = ‘webapp’

https://docs.datastax.com/en/cql/3.1/cql/cql_using/use_set_t.html

lucasbru avatar Oct 24 '17 09:10 lucasbru