nytai commented on pull request #12315: URL: https://github.com/apache/superset/pull/12315#issuecomment-756416385
I'd rather we not continue this security discussion as I think we can all agree that an attacker gaining access to app.config is pretty much a doomsday scenario given that the secret key and database passwords are stored in that config. Also If an attacker has write access to app.config they've likely gained access to the entire server environment and pretty much everything (BE or FE) would be compromised at that point. I don't see any difference wdt security if the template lives in the config file as a string or a seperate jinja template file, but you are right it is a slightly nicer api to be editing a template files instead of a string. I'll make these changes shortly ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
