You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2022/09/20 04:32:56 UTC

[GitHub] [druid] kfaraz commented on issue #13120: Refine Query Context Security Model

kfaraz commented on issue #13120:
URL: https://github.com/apache/druid/issues/13120#issuecomment-1251822867

   > By contrast, keys in the reject list are forbidden (but again see below), while all others are allowed.
   
   I suppose this means that the keys in the reject list should be security checked and not freely allowed.
   This is also apparent from the pseudo-code. I think in that case the keys are perhaps just "protected"
   rather than being forbidden (They might be forbidden for a certain user who doesn't have the required permission).
   
   I would suggest naming the reject list something like:
   ```
   druid.query.context.protected
   OR
   druid.query.context.protectedKeys
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org