potiuk commented on issue #43963: URL: https://github.com/apache/airflow/issues/43963#issuecomment-2473484283
It's a bit problematic, I woudl very much prefer to have an easy way to configure private certificates for it. I think accessing Snowflake without SSL is REALLY bad idea - especially that almost by definition it is "somwhere else" (Yeah I understand it can be in a private network, but it is not really super secure either in this case). I'd only limit no-SSL connections to internal communication on the same node or proxy -> webapp where their network is truly internal and not accessible by any "human" in the company (which I hardly imagine possible when you communicate with Snowflake). It might sound excessive but it had already costed Snowflake a lot of reputation damage when their MFA was not enforced earlier this year: https://www.informationweek.com/cyber-resilience/snowflake-s-lack-of-mfa-control-leaves-companies-vulnerable-experts-say - and we can safely assume that "disabling security" should not be easy. Maybe - if you attempt to do it, you should make sure there is big FAT warning generated when any such non-secured connection is attempted - like "THIS IS NOT SECURE, MAKE SURE THAT YOU ARE NOT CONNECTING TO PRODUCTION INSTANCE" or smth. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
