paul-rogers commented on issue #13837: URL: https://github.com/apache/druid/issues/13837#issuecomment-1444760032
@zachjsh, thanks for the comment. Yes, that is a whole that's been worrying me. Security is handled via extensions. If those extensions are set up to handle all `EXTERNAL` resources the same, then this change is backward-compatible. But, if any one system has explicitly handles `(EXTERNAL, EXTERNAL, READ)`, then we'll break things, which is not ideal. One possible solution is to add a feature flag to enable "enhanced" input source security. A trick will be to wire that up to the right spot in Calcite since properties are given via Guice, and Calcite doesn't play the Guice game. I'll work this out when I tinker with the code. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
