jdanap commented on issue #38565: URL: https://github.com/apache/arrow/issues/38565#issuecomment-1801851350
Documenting the requirements/limitations for Authenticate makes sense to me. Correct me if I am wrong - but I believe even if we can make `authenticate` stateless or thread-safe by locking the `auth_handler` (here and in any other place that uses it) or any other smarter means, we would still run into a race condition between the authenticate call itself, and the methods affected by the `auth_handler` such as the actual do_get/do_action and stream reading. Under a multi-user context scenario, authentication under user A should not be overridden, thread-safely or not, by user B until user A completes their request following Authenticate. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
