Update security model to clarify Connection Editing user's capabiliti…

…es (#37688) While we already mentioned and explained in a number of places that connection editing is dangeerous, we should explicitly menion that misconfiguring of connections might lead to RCE situations and that this is not preventable - and that connection editing users should be highly trusted. (cherry picked from commit 8658c22)
apache · Mar 6, 2024 · e2ec0b8 · e2ec0b8
1 parent 9ed6031
commit e2ec0b8
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/docs/apache-airflow/security/security_model.rst b/docs/apache-airflow/security/security_model.rst
@@ -121,9 +121,12 @@ They configure connections and potentially execute code on workers during DAG ex
 required to prevent misuse of these privileges. They have full access
 to sensitive credentials stored in connections and can modify them.
 Access to sensitive information through connection configuration
-should be trusted not to be abused. They also have the ability to
-create a Webserver Denial of Service situation and should be trusted
-not to misuse this capability.
+should be trusted not to be abused. They also have the ability to configure connections wrongly
+that might create a Webserver Denial of Service situations and specify insecure connection options
+which might create situations where executing DAGs will lead to arbitrary Remote Code Execution
+for some providers - either community released or custom ones.
+
+Those users should be highly trusted not to misuse this capability.
 
 Audit log users
 ...............