collado-mike commented on PR #1424:
URL: https://github.com/apache/polaris/pull/1424#issuecomment-2832438697

> But I'm still struggling with a proper threat model here.

You're not creative enough to be a bad guy 🤣

The threat here is that the vended credentials are used outside of the scope of accessing the data in this table. There's nothing preventing a malicious user from using these credentials to call KMS to decrypt any key defined for any file elsewhere in S3. Or non-S3 resources entirely. At minimum, the IAM policy should define an encryption context, but preferably the specific KMS key _and_ the encryption context.
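
The scoping asked for in the comment above, as an added example that is not part of the comment or of the Polaris code base: a check that flags a vended session policy whose `kms:Decrypt` grant is not pinned to a key and an encryption context, next to a statement that is. The helper names, bucket, table prefix and key ARN are constructed for illustration; `kms:EncryptionContext:aws:s3:arn` is the context key S3 sets for SSE-KMS.

```python
import fnmatch

def _as_list(v):
    return v if isinstance(v, list) else [v]

def scoped_kms_statement(key_arn, bucket, table_prefix, bucket_keys=False):
    """Allow kms:Decrypt on one key, only for this table's S3 encryption context."""
    # SSE-KMS sets aws:s3:arn to the object ARN, or to the bucket ARN when
    # S3 Bucket Keys are enabled (the context then cannot narrow below the bucket).
    ctx = (f"arn:aws:s3:::{bucket}" if bucket_keys
           else f"arn:aws:s3:::{bucket}/{table_prefix}/*")
    return {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": key_arn,
            "Condition": {"StringLike": {"kms:EncryptionContext:aws:s3:arn": ctx}}}

def audit_kms_scope(policy):
    """Return (statement index, finding) for Allow statements that grant
    kms:Decrypt without a pinned key or without an encryption context."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        # IAM action patterns use * and ? wildcards, so match them as globs.
        if not any(fnmatch.fnmatchcase("kms:decrypt", a) for a in actions):
            continue
        if any("*" in r for r in _as_list(st.get("Resource", "*"))):
            findings.append((i, "kms-resource-not-pinned"))
        ctx_keys = [k for op in st.get("Condition", {}).values() for k in op
                    if k.lower().startswith("kms:encryptioncontext:")]
        if not ctx_keys:
            findings.append((i, "no-encryption-context"))
    return findings

# Constructed sample values (hypothetical, not taken from the PR).
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
S3_READ = {"Effect": "Allow", "Action": "s3:GetObject",
           "Resource": "arn:aws:s3:::example-bucket/db/tbl/*"}
BROAD = {"Version": "2012-10-17", "Statement": [
    S3_READ, {"Effect": "Allow", "Action": ["kms:Decrypt"], "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    S3_READ, scoped_kms_statement(KEY_ARN, "example-bucket", "db/tbl")]}

if __name__ == "__main__":
    print("broad :", audit_kms_scope(BROAD))
    print("scoped:", audit_kms_scope(SCOPED))
```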