ndimiduk commented on PR #5853: URL: https://github.com/apache/hbase/pull/5853#issuecomment-2104221543
From my perspective, on client-side security, the client application is already a "compromised" actor. I assume that whomever controls that application already has full control over the configuration objects that it presents to the hbase-client library code. Any service application that exposes creation of an hbase-client to user-provided input is already exposed to whatever attacks this approach opens up. Unless of course I'm missing something. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org