airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Maxime Beauchemin (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AIRFLOW-518) Require DataProfilingMixin for the Variables CRUD access
Date Mon, 19 Sep 2016 23:11:20 GMT
Maxime Beauchemin created AIRFLOW-518:
-----------------------------------------

             Summary: Require DataProfilingMixin for the Variables CRUD access
                 Key: AIRFLOW-518
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-518
             Project: Apache Airflow
          Issue Type: Improvement
            Reporter: Maxime Beauchemin


Many of us use the "Variable" model CRUD (create/update/delete) as a k/v store to power frameworks
that read these values to dynamically generate pipelines. 

With the basic "LoginMixin" role (lowest level of access to Airflow) having access to the
Variable CRUD, people could easily alter a Variable to run arbitrary code on the platform,
depending on how variables are use in that environment.

It's a safer bet to elevate CRUD on Variable to DataProfilingMixin, and make sure that the
lowest level of access cannot interfere with these Variables.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message