RussellSpitzer commented on issue #16490: URL: https://github.com/apache/iceberg/issues/16490#issuecomment-4503824365
Not a security issue. Requires (1) a faulty catalog server implementation (out of scope for the Iceberg library) (2) the ability to predict or exfiltrate a planning handle. Reference code uses UUID.randomUUID() for plan-ids, so guessing is not realistic; exfiltration from the JVM would expose credentials anyway. At best here I think we could maybe add a note to the spec, but it still feels to implicit to the feature and how the Catalog decides to handle idempotency requests. We generally leave authentication and authorization to catalog implementations; the REST spec documents bearer/OAuth and 401/403 behavior but does not define principals or require authenticated access on every deployment. I'm going to close this out, but if anyone is legitimately confused about the contract here feel free to re-open. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
