ashb commented on pull request #15599:
URL: https://github.com/apache/airflow/pull/15599#issuecomment-830105762


@uranusjr Possibly, but I don't _think_ we need to defend against that level of attack -- it would only show up in the UI like that if it matches a connection the task has _accessed_.

So yes, there's a theoretical attack surface here, but with the planned work of per-Connection ACLs etc, I think that is mitigated. Plus it only lets you validate the password if you already know it, but if you can change the DAG code, there are easier ways of exfil-ing the credentials.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

