You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2019/12/17 13:04:26 UTC
[GitHub] [airflow] potiuk commented on issue #6801: [AIRFLOW-6260] Drive
_cmd config options by env var
potiuk commented on issue #6801: [AIRFLOW-6260] Drive _cmd config options by env var
URL: https://github.com/apache/airflow/pull/6801#issuecomment-566532796
I have some doubts about that one.
While I understand where it comes from, it has a number of drawbacks:
* the scripts should work the same way from all the entities that can run it (webserver, scheduler, workers) - with env variables you just need to make sure that they are set the same way, here you also likely have to set some authentication mechanism on all those entities or embed the credentials to read the credentials in the command itself.
* it's security by obscurity. Once you have access to read the variables, and you can start/stop airflow or run airflow CLI you should be able to execute those commands yourself and get the credentials anyway.
* You open up a possibility to run some dangerous operations - it's enough to set a variable (which user might not see) and get airflow to execute arbitrary command when the command is started. Of course if you can override someone's variables, you can probably do a lot more, but nevertheless it looks dangerous
I wonder what other committers think about it ?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services