potiuk commented on PR #32858: URL: https://github.com/apache/airflow/pull/32858#issuecomment-1657751233
> Note: I'm not a committer so my approval is just emotional support, has no value :-D

Quite the opposite. It does have a value, as committers see it and read the comments and reviews/approval :)

The change looks good. But I have one comment here. It would be a bit of a problem IF we had not clarified our security model recently - see https://airflow.apache.org/docs/apache-airflow/stable/security/index.html and "Capabilities of authenticated UI users".

Without this clarification added, this change could be seen as a security issue, because the user who could configure the connection could also configure a completely different image and perform Remote Code Execution (which is quite surprising for the user who, at first glance, can **just** configure connections).

But in our Security model we have it clear that this is expected:

> Connection configuration users: They configure connections and potentially execute code on workers during DAG execution. Trust is required to prevent misuse of these privileges. They have full access to sensitive credentials stored in connections and can modify them. Access to sensitive information through connection configuration should be trusted not to be abused. They also have the ability to create a Webserver Denial of Service situation and should be trusted not to misuse this capability.

So yeah. It looks good (in this context).

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
