dabla commented on PR #35591: URL: https://github.com/apache/airflow/pull/35591#issuecomment-2585255308
> i just realised there is likely one big problem here - security. > > While we cannot prevent it completely for some kind of connections (this is why [Connection Editing user](https://airflow.apache.org/docs/apache-airflow/stable/security/security_model.html#capabilities-of-authenticated-ui-users) should be highly priviledged, introducing RCE deliberately is another thing. > > If I understand correctly, someone who edits connection can decide which arbtirary class will be instantiated and executed when HTTP connection is established via HTTP Hook ? Which - if I understand correctly is basically a "no-go" - we removed a number of cases like that from the past from a number of providers precisely for that reason. > > Is there any way we can make UI connection "declarative" for that? for example we could limit the list of predefined auth types we can choose. Does it make sense at all? @potiuk The number of possible connections is already limited and is exposed as a frozenset in the HttpHook, so there is not way to fiddle with it. You can also configure the allowed auth types through the airflow.cfg, so this means that you would actually need access to the airflow installation to be able to modify it. So maybe I'm naïve here, but I think we're quite safe here unless I'm missing something important here which could be the case. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
