Date: Sun, 9 Oct 2016 08:15:20 +0000 (UTC)
From: "ASF subversion and git services (JIRA)"
To: commits@airflow.incubator.apache.org
Reply-To: dev@airflow.incubator.apache.org
Subject: [jira] [Commented] (AIRFLOW-518) Require DataProfilingMixin for the Variables CRUD access

[ https://issues.apache.org/jira/browse/AIRFLOW-518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15559562#comment-15559562 ]

ASF subversion and git services commented on AIRFLOW-518:
---------------------------------------------------------

Commit 941500e14f4e327cbae0b404515597afa04ade60 in incubator-airflow's branch refs/heads/master from [~maxime.beauchemin@apache.org]
[ https://git-wip-us.apache.org/repos/asf?p=incubator-airflow.git;h=941500e ]

[AIRFLOW-518] Require DataProfilingMixin for Variables CRUD

Many of us use the "Variable" model CRUD (create/update/delete) as a k/v store to power frameworks that read these values to dynamically generate pipelines.

With the basic "LoginMixin" role (lowest level of access to Airflow) having access to the Variable CRUD, people could easily alter a Variable to run arbitrary code on the platform, depending on how variables are used in that environment.

It's a safer bet to elevate CRUD on Variable to DataProfilingMixin, and make sure that the lowest level of access cannot interfere with these Variables.

Closes #1804 from mistercrunch/elevate_variables

> Require DataProfilingMixin for the Variables CRUD access
> --------------------------------------------------------
>
> Key: AIRFLOW-518
> URL: https://issues.apache.org/jira/browse/AIRFLOW-518
> Project: Apache Airflow
> Issue Type: Improvement
> Reporter: Maxime Beauchemin
>
> Many of us use the "Variable" model CRUD (create/update/delete) as a k/v store to power frameworks that read these values to dynamically generate pipelines.
> With the basic "LoginMixin" role (lowest level of access to Airflow) having access to the Variable CRUD, people could easily alter a Variable to run arbitrary code on the platform, depending on how variables are used in that environment.
> It's a safer bet to elevate CRUD on Variable to DataProfilingMixin, and make sure that the lowest level of access cannot interfere with these Variables.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
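
The access change described in the commit message, as an added example that is not part of the original message and is not Airflow's code: a simplified model of the two mixins gating writes to a Variable that a pipeline generator reads. The `User`, `ModelView`, `VariableViewBefore`, `VariableViewAfter`, `generate_tasks` and `tasks_after_basic_user_edit` names, the `is_accessible(user)` signature and the `etl_tables` Variable are assumptions made for illustration.

```python
import json
from dataclasses import dataclass


@dataclass
class User:  # hypothetical stand-in for the logged-in user object
    is_authenticated: bool = True
    data_profiling: bool = False


class LoginMixin:  # lowest access level: any authenticated user
    def is_accessible(self, user):
        return user.is_authenticated


class DataProfilingMixin:  # elevated level named in the commit message
    def is_accessible(self, user):
        return user.is_authenticated and user.data_profiling


class ModelView:  # simplified CRUD view over a shared Variable table
    def __init__(self, table):
        self.table = table

    def update(self, user, key, value):
        if not self.is_accessible(user):
            return False  # write refused, table left unchanged
        self.table[key] = value
        return True


class VariableViewBefore(LoginMixin, ModelView):
    """Variable CRUD gated at the lowest level (pre-change behaviour)."""


class VariableViewAfter(DataProfilingMixin, ModelView):
    """Variable CRUD gated at the data-profiling level (post-change)."""


def generate_tasks(table):
    # Framework code that builds a pipeline from whatever the Variable holds.
    return ["load:" + name for name in json.loads(table["etl_tables"])]


def tasks_after_basic_user_edit(view_cls):
    table = {"etl_tables": json.dumps(["orders"])}  # constructed sample Variable
    basic = User()  # authenticated, but without the data-profiling flag
    new_value = json.dumps(["edited_by_basic"])  # constructed edit
    accepted = view_cls(table).update(basic, "etl_tables", new_value)
    return accepted, generate_tasks(table)
```

With `VariableViewBefore` the basic user's edit changes the generated task list; with `VariableViewAfter` the write is refused and the task list stays as the privileged user left it.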