qqqttt123 commented on PR #13810: URL: https://github.com/apache/iceberg/pull/13810#issuecomment-3815958630
I have some concerns about the security risk because it relies on client-provided information without server-side validation. The server cannot verify if the referenced view actually exists or legitimately references the table being loaded, potentially allowing permission bypasses.

For example: Tom creates a view `A` using SQL and has the privilege to read table `B` and table `C`.

```
CREATE VIEW A SQL SECURITY DEFINER AS SELECT * FROM B WHERE department = 'Engineering';
```

Jerry has the privilege to read the view `A`. If he mocks a request to load table `C` referenced by view `A`, it will produce a security risk.

We had better add more constraints in the `createView` request. We should add required table identifiers in the request, so we can validate the table identifiers on the server side.
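The check proposed in the comment above can be sketched as follows. This is an added example, not part of the original comment or of the Iceberg code base; every name in it (`TABLE_READERS`, `VIEW_READERS`, `VIEWS`, `naive_authorize`, `validated_authorize`) is hypothetical, and it assumes the server stores the table identifiers declared when the view was created.

```python
# Constructed sample state mirroring the comment's scenario (hypothetical names).
TABLE_READERS = {"B": {"tom"}, "C": {"tom"}}       # direct table privileges
VIEW_READERS = {"A": {"tom", "jerry"}}             # view privileges
# Assumption: table identifiers declared at view creation are stored server-side.
VIEWS = {"A": {"definer": "tom", "tables": {"B"}}}


def can_read_table(principal, table):
    return principal in TABLE_READERS.get(table, set())


def naive_authorize(principal, table, referenced_by=None):
    """Trusts the client's claim: only checks that the caller can read the view."""
    if can_read_table(principal, table):
        return True
    return (referenced_by is not None
            and principal in VIEW_READERS.get(referenced_by, set()))


def validated_authorize(principal, table, referenced_by=None):
    """Checks the claim against what the server recorded for the view."""
    if can_read_table(principal, table):
        return True
    view = VIEWS.get(referenced_by)
    if view is None:                       # no claim, or the view does not exist
        return False
    if principal not in VIEW_READERS.get(referenced_by, set()):
        return False                       # caller cannot read the view itself
    if table not in view["tables"]:        # view never declared this table
        return False
    # DEFINER semantics: the view owner must still hold access to the table.
    return can_read_table(view["definer"], table)


if __name__ == "__main__":
    for check in (naive_authorize, validated_authorize):
        print(check.__name__, "jerry -> C via A:", check("jerry", "C", "A"))
        print(check.__name__, "jerry -> B via A:", check("jerry", "B", "A"))
```
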
