Jason Altekruse wrote:
Yes, we want workspaces to be able to used in conjunction with
authentication to provide limited views of data to some users. Is this
currently not being enforced?
I'm not sure what would be enforced with authentication/impersonation
turned on (especially, whether access is checked after all pathname
resolution is done or is checked too early).
I was just running in regular (no-impersonation) local mode and noticed
that using "../" in a pathname can get to directories outside the
workspace's root.
Is that behavior expected or is that a bug?
(Part of, or another way to ask, my question is whether we:
- only intend the workspace to be a like a default working directory
(where you usually give downward-only relative names to files in its
subtree, but might occasionally reach out of the subtree), or
- intend the workspace to be more restricted.)
Daniel
On Tue, Sep 29, 2015 at 3:49 PM, Daniel Barclay <[email protected]>
wrote:
In file/directory pathnames for tables, does Drill intend to block use of
"../" that traverses up beyond the root of the workspace (i.e., above /tmp
for (default) dfs.tmp)?
Daniel
--
Daniel Barclay
MapR Technologies
--
Daniel Barclay
MapR Technologies
