adutra commented on PR #15171: URL: https://github.com/apache/iceberg/pull/15171#issuecomment-3998525815
> Part of complexity of building the server side implementation of this is knowing what to sign and what not to, but I think that's pretty general (though we don't currently provide any guidance).

Well, it's not that simple imo. The bare minimum is to sign only `Host` and all the `x-amz-*` headers. But we probably want to sign others to enhance security. After working on this with @steveloughran for a while, I'm reaching the conclusion that we should introduce a REST spec change to allow servers to communicate their choice of unsigned headers to clients.
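The header choice discussed in the comment above, as an added example that is not part of the original comment or of the Iceberg code base: a SigV4 signature computed once over the bare minimum (`Host` plus `x-amz-*`) and once over every header except a server-declared unsigned list. The request, the placeholder secret, the `UNSIGNED` set and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample request; the secret is a made-up placeholder.
SECRET = "EXAMPLE-SECRET-KEY"
HEADERS = {
    "Host": "examplebucket.s3.amazonaws.com",
    "x-amz-date": "20240101T000000Z",
    "x-amz-content-sha256": hashlib.sha256(b"").hexdigest(),
    "Content-Type": "application/octet-stream",
    "User-Agent": "client/1.0",
}
UNSIGNED = {"user-agent"}  # hypothetical server-advertised unsigned headers

def select_signed(headers, unsigned, minimal=False):
    """Sorted lowercase names to sign: Host and x-amz-* always, the rest
    only when not minimal and not listed in `unsigned`."""
    names = []
    for n in (h.lower() for h in headers):
        required = n == "host" or n.startswith("x-amz-")
        if required or (not minimal and n not in unsigned):
            names.append(n)
    return sorted(names)

def sign(method, path, query, headers, signed, secret, region, service="s3"):
    """SigV4 signature computed over the chosen `signed` header names."""
    lower = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    date = lower["x-amz-date"]
    canonical_request = "\n".join([
        method, path, query,
        "".join(f"{n}:{lower[n]}\n" for n in signed),
        ";".join(signed),
        lower["x-amz-content-sha256"],  # payload hash, as S3 sends it
    ])
    scope = f"{date[:8]}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    key = ("AWS4" + secret).encode()
    for part in scope.split("/"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()

def demo_signature(headers, minimal=False):
    """Return (signed header names, signature) for the sample GET request."""
    signed = select_signed(headers, UNSIGNED, minimal)
    return signed, sign("GET", "/data/file.parquet", "", headers, signed,
                        SECRET, "us-east-1")
```

With the bare-minimum selection a changed `Content-Type` still verifies, while a header on the unsigned list can be rewritten by an intermediary without invalidating the signature under either policy.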
