jscheffl commented on code in PR #36513: URL: https://github.com/apache/airflow/pull/36513#discussion_r1438898796
########## docs/apache-airflow/img/diagram_basic_airflow_architecture.png: ########## Review Comment: I dis-like the icon for the plugin-folder (in terms of visual style) and the dotted arrows are ending on the outside borders of the icon. Can you use a different icon for the folder? e.g. something like (not exactly but in general): https://www.vecteezy.com/vector-art/420464-vector-document-in-folder-icon ########## docs/apache-airflow/core-concepts/overview.rst: ########## @@ -43,13 +43,26 @@ An Airflow installation generally consists of the following components: Basic airflow architecture -------------------------- -This is the basic architecture of Airflow that you'll see in simple installations: +This is the basic architecture of Airflow that you'll see in simple installations. + +Note that even in the simple installation, Airflow Webserver does not access the DAG files directly +(the code you see in the Code tab of the UI is synchronized via the metadata database). + +This is to allow for a more secure deployment, where the webserver has never the need or even +possibility to executed code submitted by DAG authors, the only custom code that webserver can +execute are the plugins and those should be only installed and deployed by the Airflow Deployment Manager. Review Comment: I agree with @potiuk - but maybe this is currently also in the light of many security reviews. If no agreement, then the reasoning can be shortened a bit. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
