[ https://issues.apache.org/jira/browse/DRILL-5964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16267671#comment-16267671 ]
ASF GitHub Bot commented on DRILL-5964: --------------------------------------- Github user arina-ielchiieva commented on a diff in the pull request: https://github.com/apache/drill/pull/1050#discussion_r153337275 --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/store/dfs/WorkspaceConfig.java --- @@ -30,18 +30,25 @@ public class WorkspaceConfig { /** Default workspace is a root directory which supports read, but not write. */ - public static final WorkspaceConfig DEFAULT = new WorkspaceConfig("/", false, null); + public static final WorkspaceConfig DEFAULT = new WorkspaceConfig("/", false, null, false); private final String location; private final boolean writable; private final String defaultInputFormat; - + private final Boolean allowAccessOutsideWorkspace; // allow access outside the workspace by default. This + // field is a Boolean (not boolean) so that we can + // assign a default value if it is not defined in a + // storage plugin config public WorkspaceConfig(@JsonProperty("location") String location, @JsonProperty("writable") boolean writable, - @JsonProperty("defaultInputFormat") String defaultInputFormat) { + @JsonProperty("defaultInputFormat") String defaultInputFormat, + @JsonProperty("allowAccessOutsideWorkspace") Boolean allowAccessOutsideWorkspace + ) { this.location = location; this.writable = writable; this.defaultInputFormat = defaultInputFormat; + //this.allowAccessOutsideWorkspace = allowAccessOutsideWorkspace != null ? allowAccessOutsideWorkspace : false ; + this.allowAccessOutsideWorkspace = true; --- End diff -- It seems we should not always set true... > Do not allow queries to access paths outside the current workspace root > ----------------------------------------------------------------------- > > Key: DRILL-5964 > URL: https://issues.apache.org/jira/browse/DRILL-5964 > Project: Apache Drill > Issue Type: Improvement > Affects Versions: 1.11.0 > Reporter: Parth Chandra > Assignee: Parth Chandra > Labels: doc-impacting > > Workspace definitions in the dfs plugin are intended to provide a convenient > shortcut to long directory paths. However, some users may wish to disallow > access to paths outside the root of the workspace, possibly to prevent > accidental access. Note that this is a convenience option and not a > substitute for permissions on the file system. -- This message was sent by Atlassian JIRA (v6.4.14#64029)