You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@druid.apache.org by "paul-rogers (via GitHub)" <gi...@apache.org> on 2023/02/25 00:01:30 UTC

[GitHub] [druid] paul-rogers commented on issue #13837: Input source security model for MSQ table functions and more

paul-rogers commented on issue #13837:
URL: https://github.com/apache/druid/issues/13837#issuecomment-1444760032

   @zachjsh, thanks for the comment. Yes, that is a whole that's been worrying me. Security is handled via extensions. If those extensions are set up to handle all `EXTERNAL` resources the same, then this change is backward-compatible. But, if any one system has explicitly handles `(EXTERNAL, EXTERNAL, READ)`, then we'll break things, which is not ideal.
   
   One possible solution is to add a feature flag to enable "enhanced" input source security. A trick will be to wire that up to the right spot in Calcite since properties are given via Guice, and Calcite doesn't play the Guice game. I'll work this out when I tinker with the code. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org