You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2021/04/01 00:01:56 UTC

[GitHub] [druid] suneet-s commented on a change in pull request #11016: Update security overview with additional recommendations

suneet-s commented on a change in pull request #11016:
URL: https://github.com/apache/druid/pull/11016#discussion_r605294614



##########
File path: docs/operations/security-overview.md
##########
@@ -264,3 +318,29 @@ As an alternative to using the basic metadata authenticator, as shown in the pre
 
 
 Congratulations, you have configured permissions for user-assigned roles in Druid!
+
+
+## Druid security trust model
+Like all other security systems, trust is the foundation of the Druid security model. Druid administrators and read-only users are trusted users. Therefore, they are not expected to act maliciously.

Review comment:
       @techdocsmith It is possible that a security flaw can be exploited where a read only user elevates their permissions. This would be a very serious attack vector, so having a security model that says a read only user should not act maliciously seems counter-intuitive to me.
   
   All security flaws are because someone is acting maliciously. The question then is what are the levels of defense in the system. That's what I thought a security trust model is.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org