smengcl commented on PR #4538: URL: https://github.com/apache/ozone/pull/4538#issuecomment-1694062230
> @smengcl , thanks for the explanation. I understand that "tenant user getsecret" brings convenience to users. And as we all know, security naturally brings in inconvenience. So if we want strong security, we have to pay the cost to lose some convenience. > > Back to the example flow you mentioned, besides the "admin alice to send the secret to bob over some third-party channels", bob can also call the "tenant user setsecret" to reset the secret to something he remember. For a new user, reset the password on the first login is a practice used in many systems. What do you think about this solution? Yes that should do it for this use case. cc @prashantpogde for a second opinion. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
