pierrejeambrun commented on code in PR #54088:
URL: https://github.com/apache/airflow/pull/54088#discussion_r2251383070


##########
airflow-core/docs/security/security_model.rst:
##########
@@ -115,16 +115,25 @@ Connection configuration users
 ..............................
 
 They configure connections and potentially execute code on workers during DAG 
execution. Trust is
-required to prevent misuse of these privileges. They have full access
-to sensitive credentials stored in connections and can modify them.
-Access to sensitive information through connection configuration
+required to prevent misuse of these privileges. They have full write-only 
access
+to sensitive credentials stored in connections and can modify them, but cannot 
view them.
+Access to write sensitive information through connection configuration
 should be trusted not to be abused. They also have the ability to configure 
connections wrongly
 that might create a API Server Denial of Service situations and specify 
insecure connection options
 which might create situations where executing dags will lead to arbitrary 
Remote Code Execution
 for some providers - either community released or custom ones.
 
 Those users should be highly trusted not to misuse this capability.
 
+.. note::
+
+   Before Airflow 3.0.4, the **Connection configuration users** role had also 
access to view the sensitive information this has
+   been changed in Airflow 3.0.4 to improve security of the accidental 
spilling of credentials of the connection configuration

Review Comment:
   > Correct. Indeed you are right - there was a bug in 3.0.0 - 3.0.2 that prevented updating those connections via UI and 3.0.3 fixed the bug but also revealed the sensitive data.
   
   Exactly
