Hi

I think it should have gone via secur...@apache.org just to avoid public security discussion.
Anyway that makes sense.

Regards
JB

On Sat, Dec 7, 2024 at 19:37, Robert Stupp <sn...@snazy.de> wrote:

> Generally I agree. Compromising security is not an option - ever.
>
> > On 7. Dec 2024, at 00:16, Michael Collado <collado.m...@gmail.com> wrote:
> >
> > Hey folks
> >
> > Someone pinged about https://github.com/apache/polaris/pull/389 yesterday
> > and I thought it was worth bringing up for discussion.
> >
> > On-prem s3 compat sounds like a super useful feature and I'm fully on board
> > with supporting it, but I think we need to make a decision about whether we
> > support vending long-lived storage credentials in the REST endpoint. I
> > think we generally favor compatibility and extensibility, but I am of the
> > opinion that we should disallow obvious security risks, such as vending
> > long-lived credentials. The blast radius of accidentally vending
> > short-lived tokens is fairly contained, whereas the consequences of vending
> > long-lived credentials can be unbounded.
> >
> > I think this is one of those areas where the project/community should be
> > opinionated and say we should not sacrifice security for the sake of
> > compatibility with specific environments. If some environments promote less
> > secure credential handling by disallowing session token generation, then we
> > should simply not support those environments.
> >
> > What are your thoughts on that issue? Is that a suitable design tenet we
> > can add to our project documentation? Or am I just being stubborn?
> >
> > Mike