Github user sourav-mazumder commented on the pull request:
https://github.com/apache/incubator-zeppelin/pull/681#issuecomment-183949562
Hi Prasad,
This id to clarify little more on my original comment #2 to address your
question.
If you are storing authorization data in a plain text anyone (who has
access to the file storing the note permission) can access that permission file
through the OS and change it. Now in your design approach you can assume that
the file containing the permissions for all notebooks would be stored in a
folder that can be accessed only by an administrator (essentially the same
person who has the permission to start/stop the zeppelin process). That
approach is fine too and you don't need encryption in that case. However, key
point is you need to have note permission stored in a separate file not in the
actual notebook data. In either approach this is the prerequisite.
Hope this helps.
Regards,
Sourav
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
