This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 8658c22f4b Update security model to clarify Connection Editing user's
capabilities (#37688)
8658c22f4b is described below
commit 8658c22f4b6523debfe1882d4bdc078abb4a1df3
Author: Jarek Potiuk <[email protected]>
AuthorDate: Sun Feb 25 15:09:05 2024 +0100
Update security model to clarify Connection Editing user's capabilities
(#37688)
While we already mentioned and explained in a number of places that
connection editing is dangerous, we should explicitly mention that
misconfiguring of connections might lead to RCE situations and that
this is not preventable - and that connection editing users should
be highly trusted.
---
docs/apache-airflow/security/security_model.rst | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/docs/apache-airflow/security/security_model.rst
b/docs/apache-airflow/security/security_model.rst
index 329e54670b..10ef5624fe 100644
--- a/docs/apache-airflow/security/security_model.rst
+++ b/docs/apache-airflow/security/security_model.rst
@@ -121,9 +121,12 @@ They configure connections and potentially execute code on
workers during DAG ex
required to prevent misuse of these privileges. They have full access
to sensitive credentials stored in connections and can modify them.
Access to sensitive information through connection configuration
-should be trusted not to be abused. They also have the ability to
-create a Webserver Denial of Service situation and should be trusted
-not to misuse this capability.
+should be trusted not to be abused. They also have the ability to configure
connections wrongly
+that might create a Webserver Denial of Service situations and specify
insecure connection options
+which might create situations where executing DAGs will lead to arbitrary
Remote Code Execution
+for some providers - either community released or custom ones.
+
+Those users should be highly trusted not to misuse this capability.
Audit log users
...............
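Review bot: The added sentence starting "They also have the ability to configure connections wrongly" is hard to parse, which weakens the security statement it is meant to make explicit. "a Webserver Denial of Service situations" mixes a singular article with a plural noun, and in "configure connections wrongly that might create" it is unclear what "that" refers to. Suggest splitting it into two sentences: one saying that misconfigured connections can create a Webserver Denial of Service situation, and one saying that insecure connection options can lead to arbitrary Remote Code Execution when DAGs are executed, for some providers (community released or custom). The added lines are also noticeably longer than the unchanged context lines around them, so rewrapping to the file's existing width would keep the RST consistent. "for some providers" is the only scoping given for the RCE risk; if provider-specific guidance on connection options exists elsewhere in the docs, a cross-reference here would help readers act on the warning.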