rdblue commented on issue #16483: URL: https://github.com/apache/iceberg/issues/16483#issuecomment-4503685722
Looks similar to the last couple, which assume a malicious catalog, only this one causes a credential type to be ignored and sent where it was configured to be sent. I don't think that's an issue because this config is intended to work this way. I don't see how this would change the outbound auth flow without the attacker-controlled catalog doing so. In that case, ignoring the credential type is not the primary concern. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
