michael-s-molina commented on pull request #17337:
URL: https://github.com/apache/superset/pull/17337#issuecomment-964426050


Hi @willbarrett. Thanks so much for helping with the review!

> I'm concerned about some of the proposed usages - particularly access
> tokens, refresh tokens, and public key storage. These items should all be held
> in an encrypted system, not a plain-text field. That's a big security no-no.

You're right about this. There are more secure structures for this type of
information. I removed them from possible use cases in the PR description.

> I would also recommend adding a user_id to the key value store and only
> allowing retrieval of items by the same user. Otherwise this system potentially
> allows any user to read any stored key, which for most of the uses you
> recommend would constitute a security hole.
> The original key value store was originally deprecated due to similar
> security concerns. Keep in mind that obscurity of a long key is not the same
> thing as security - even if the keys are hard to guess, we should have security
> controls on the individual keys.

The key-value table has a `created_by` field for that purpose. One of the
main uses of this store is to share content between users like a URL state, a
draft, etc. Currently, the access is being controlled by the possession of a
secure key. It's the same type of access control as Google Docs when you select
the "Anyone with the link" type of sharing. We could increment this and also
offer the second type of control where we can select which users are allowed to
access the content, similar to Google Docs restricted sharing. What do you
think?
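The two access-control modes discussed above (possession of an unguessable key, and an additional per-user allow list on top of it) can be sketched as a small in-memory store. This is an added illustration, not code from the Superset pull request; the class and method names (`KeyValueStore`, `put`, `get`, `share_with`) and the `allowed_users` field are assumptions for the example, with `created_by` taken from the comment.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

# Length of the random key in bytes. 32 bytes gives 256 bits of entropy, so the
# "anyone with the link" mode relies on a key that cannot be brute-forced.
KEY_BYTES = 32


@dataclass
class Entry:
    value: str
    created_by: str                 # owner, as in the comment's created_by field
    # None means "anyone with the link"; a set means "restricted sharing",
    # i.e. only the owner and the listed users may read the entry.
    allowed_users: Optional[FrozenSet[str]] = None


class KeyValueStore:
    """In-memory stand-in for the key-value table (hypothetical, for illustration)."""

    def __init__(self) -> None:
        self._entries: Dict[str, Entry] = {}

    def put(self, value: str, created_by: str,
            allowed_users: Optional[FrozenSet[str]] = None) -> str:
        # The key is generated server-side from a CSPRNG, never chosen by the caller.
        key = secrets.token_urlsafe(KEY_BYTES)
        self._entries[key] = Entry(value, created_by, allowed_users)
        return key

    def get(self, key: str, requester: str) -> Optional[str]:
        entry = self._entries.get(key)
        if entry is None:
            return None
        # Restricted mode: possession of the key alone is not enough.
        if entry.allowed_users is not None:
            if requester != entry.created_by and requester not in entry.allowed_users:
                # Same response as for an unknown key so a denied caller cannot
                # tell whether the key exists.
                return None
        return entry.value

    def share_with(self, key: str, requester: str, users: FrozenSet[str]) -> bool:
        """Switch an entry to restricted sharing; only the owner may do this."""
        entry = self._entries.get(key)
        if entry is None or entry.created_by != requester:
            return False
        entry.allowed_users = frozenset(users)
        return True


def demo() -> Dict[str, Optional[str]]:
    """Constructed scenario: returns who can read what under each mode."""
    store = KeyValueStore()
    link_key = store.put("dashboard url state", created_by="alice")
    restricted_key = store.put("draft chart", created_by="alice",
                               allowed_users=frozenset({"bob"}))
    store.share_with(link_key, "carol", frozenset({"carol"}))  # ignored: not owner
    return {
        "link_anyone": store.get(link_key, "dave"),          # allowed: has the link
        "restricted_owner": store.get(restricted_key, "alice"),
        "restricted_listed": store.get(restricted_key, "bob"),
        "restricted_other": store.get(restricted_key, "dave"),  # denied
        "unknown_key": store.get("not-a-real-key", "alice"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The point of the `share_with` check is the one raised in review: the random key only controls discovery, while the owner-only mutation and the allow list are the per-entry security controls.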
   
   
   
   