[GitHub] [druid] jihoonson opened a new pull request #10840: HTTP inputSource should deny all domains by default

Tue, 02 Feb 2021 21:35:40 -0800 


jihoonson opened a new pull request #10840:
URL: https://github.com/apache/druid/pull/10840


   ### Description
   
   In the current Druid security model, the people who can ingest data are 
usually system administrators or trusted users because they will get the same 
privilege as what the Overlord has. However, when ingest permission is granted 
to a non-trusted user for some reason, it could be problematic if that user can 
ingest from any domains using HTTP inputSource. This PR changes HTTP 
inputSource to deny access to all domains by default. This can be a good 
practice for system admins to think about what domains they want to allow 
before using HTTP inputSource.
   
   <hr>
   
   This PR has:
   - [x] been self-reviewed.
      - [ ] using the [concurrency 
checklist](https://github.com/apache/druid/blob/master/dev/code-review/concurrency.md)
 (Remove this item if the PR doesn't have any relation to concurrency.)
   - [x] added documentation for new or modified features or behaviors.
   - [ ] added Javadocs for most classes and all non-trivial methods. Linked 
related entities via Javadoc links.
   - [ ] added or updated version, license, or notice information in 
[licenses.yaml](https://github.com/apache/druid/blob/master/licenses.yaml)
   - [ ] added comments explaining the "why" and the intent of the code 
wherever would not be obvious for an unfamiliar reader.
   - [x] added unit tests or modified existing tests to cover new code paths, 
ensuring the threshold for [code 
coverage](https://github.com/apache/druid/blob/master/dev/code-review/code-coverage.md)
 is met.
   - [ ] added integration tests.
   - [ ] been tested in a test Druid cluster.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to