eric-maynard commented on PR #422: URL: https://github.com/apache/polaris/pull/422#issuecomment-2456556372
A few thoughts here.

1. For _testing_, I've found it generally sufficient just to use e.g. `--access-token 'principal:root;realm:default-realm'`, so you shouldn't actually need root credentials in many cases unless you are testing a context resolver.
2. In general, I feel nervous about allowing the bootstrap process to use non-random credentials (even when supplied by the user). I am not a security expert but this seems insecure.
3. With respect to the bootstrap command printing the credentials to stdout, this was thought to be insecure. I remember now that this explicitly came up in my previous conversations with @collado-mike
