You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2018/08/21 02:27:11 UTC
[GitHub] nsreenivas commented on issue #3764: [AIRFLOW-2916] Arg `verify`
for AwsHook() & S3 sensors/operators
nsreenivas commented on issue #3764: [AIRFLOW-2916] Arg `verify` for AwsHook() & S3 sensors/operators
URL: https://github.com/apache/incubator-airflow/pull/3764#issuecomment-414529083
I believe standard practice for most SSL communication is to provide a way to turn it off but enable by default. S3 API and LDAP protocol support communication with and without SSL. Organisations who want to disable insecure connection will generally block the port that allows insecure communication (LDAP 389 port). Additionally, we have development environments where users want to test tools without having to deal with things like TLS and Kerberos.
The other point is when we are in an on-premise environment using tools like Minio or IBM Cloud Object Store, we need to be able to pass certs that aren't the default AWS certificates. This is a requirement for running Airflow securely in an on-premise cloud.
I would suggest defaulting to SSL enabled but allow the opportunity for users to disable it if required. As the AWS CLI does, an warning could be thrown telling users that noSSL is an insecure option.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services