alamb commented on PR #7058: URL: https://github.com/apache/arrow-datafusion/pull/7058#issuecomment-1652394407
> Is this because there might be some other unexpected behavior we might not be aware of for now? Yes, I am concerned that since DataFusion is used to build server software, that it doesn't have security vulnerabilities. Accessing the environment and home directories are classic attack vectors from my understanding > library: How about adding a Catalog configuration option like use_path_shell_expansion, and turn it off in default config (also suggest not to use it in production in doc), and turn it on in CLI by default? I think that sounds like an excellent idea 👍 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
