sugibuchi commented on issue #43197:
URL: https://github.com/apache/arrow/issues/43197#issuecomment-2217181193
@kou
Thank you very much for your answer and correction.
> * We should reject URLs that have :password in the "userinfo" URI part
> * We should reduce supported URL patterns
I suggest only the first point. Regarding the second point, I don't have a
strong objection as long as a file system implementation supports the
Hadoop-compatible syntax.
However, as having storage account keys in ABFS URLs is a new practice
invented by Apache Arrow and has security concerns, I suggest removing this
feature.
> BTW, it seems that you misinterpreted supported formats:
You are right. I have updated the issue description, and let me copy-paste
the original comment in the source code.
```cpp
/// 1. abfs[s]://[:\<password\>@]\<account\>.blob.core.windows.net
/// [/\<container\>[/\<path\>]]
/// 2.
abfs[s]://\<container\>[:\<password\>]@\<account\>.dfs.core.windows.net
/// [/path]
/// 3. abfs[s]://[\<account[:\<password\>]@]\<host[.domain]\>[\<:port\>]
/// [/\<container\>[/path]]
/// 4. abfs[s]://[\<account[:\<password\>]@]\<container\>[/path]
```
In my view, only the second pattern (without password) is Hadoop-compatible.
1 and 3 do not include the container (file system) name in the authority part
of the patterns. 4 has a different syntax for the authority part.
But as I explained above, I don't have strong objections against these
patterns except for having passwords in URLs.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
