Security Practices for UDFs and Procedures¶
This topic describes best practices for writing secure user-defined functions (UDFs) and procedures.
Practices for UDF Handlers¶
Your function or method (and any library functions or methods that you call) must act as a pure function, acting only on the data it receives and returning a value based on that data, without causing side-effects. Your code should not attempt to affect the state of the underlying system, other than consuming a reasonable amount of memory and processor time.
Practices for Procedure and UDF Handlers¶
Handler code executes within a restricted engine. Neither your code nor the code in library methods that you use should employ any prohibited system calls, including:
Process control. For example, you cannot fork a process. (However, you can use multiple threads.)
Access to the file system on which the handler is running.
With the following exceptions, a handler should not read or write files:
A handler can write files, such as log files, to the
Each query gets its own memory-backed file system in which its own
/tmpis stored, so different queries cannot have file name conflicts.
However, conflicts within a query are possible if a single query calls more than one UDF, and those UDFs try to write to the same file name.
You can’t use a handler to create sockets, but you can use a handler to access resources on an external network.
You cannot use the code in the Snowflake JDBC Driver to access the database. Your UDF cannot itself act as a client of Snowflake.
For Handlers in Java or Scala¶
Using JNI (Java Native Interface) is not supported. Snowflake prohibits loading libraries that contain native code (as opposed to Java bytecode).
When used within a government region, Java UDFs support encryption algorithms that are validated to meet the Federal Information Processing Standard (140-2) (FIPS 140-2) requirements. Only cryptographic algorithms that are allowed in the FIPS approved mode of the BouncyCastle cryptography API for Java can be used. For information about FIPS 140-2, see FIPS 140-2.