dimas-b commented on issue #791:
URL: https://github.com/apache/polaris/issues/791#issuecomment-2670468503

   > I also believe that it is the Resource Server's (in our case Polaris) responsibility to determine on what grounds the auth token would be deemed unauthorized, and to communicate that to the client.
   
   I disagree. Servers do not have to explain the reason for denied access. I maintain my point that the more information about the reason for denied access is returned to the client, the greater the security risks.
   
   Granted, this makes debugging access issues harder. Yet, in that case I think the server should log reasons (for viewing by admin users only) rather than report them to API clients.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
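
The approach argued for in the comment above (one uniform denial for the client, the specific reason in a server-side log) can be sketched as follows. This is an added example, not part of the original message and not Polaris code; the token format, `KEY`, `AUDIENCE`, the logger name and the `request_id` field are assumptions made for illustration.

```python
from __future__ import annotations
import hashlib, hmac, json, logging, uuid

KEY = b"constructed-demo-key"            # constructed sample secret
AUDIENCE = "catalog"                     # hypothetical expected audience
log = logging.getLogger("authn.audit")   # assumed to feed an admin-only sink

def sign(claims: dict) -> str:
    """Build a toy 'claims|mac' token (constructed format, not a real JWT)."""
    body = json.dumps(claims, sort_keys=True)
    mac = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"

def denial_reason(token: str, now: int) -> str | None:
    """Internal reason the token is rejected, or None if it is acceptable."""
    body, sep, mac = token.rpartition("|")
    if not sep:
        return "malformed"
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "bad_signature"
    claims = json.loads(body)            # safe to parse: integrity verified
    if claims.get("aud") != AUDIENCE:
        return "wrong_audience"
    if claims.get("exp", 0) <= now:
        return "expired"
    return None

def authenticate(token: str, now: int) -> tuple[int, dict]:
    """Return (status, body); every denial looks the same to the client."""
    reason = denial_reason(token, now)
    if reason is None:
        return 200, {"status": "ok"}
    # The reason goes to the log only; the client gets an opaque id that an
    # admin can use to find the matching log line.
    request_id = uuid.uuid4().hex
    log.warning("auth denied request_id=%s reason=%s", request_id, reason)
    return 401, {"error": "unauthorized", "request_id": request_id}
```

The `request_id` lets an administrator correlate a client report with the logged reason without the response itself distinguishing an expired token from a forged one.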