potiuk commented on PR #32052:
URL: https://github.com/apache/airflow/pull/32052#issuecomment-1609272692
One more small comment. I've been thiknig about it.. Currently we have this
but only in comments.
```
Before setting this to Enabled, make sure that you review the users who are
able to add/edit
connections and ensure they are trusted. Connection testing can be
done maliciously leading to
undesired and insecure outcomes.
```
Should we make also add some more information (link to the right part of the
security model documentation once we merge
https://github.com/apache/airflow/pull/32098 should be enough ) - both in the
newsfragment (effectively release notes) and in the place in documentation
where we explain test connection, to explain why it is dangerous to enable test
connection?
I think we should be very explicit about it if we want to make our model
influence decisions of our users.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
