-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove JDBC connector allow-drop-table flag #588
Conversation
presto-base-jdbc/src/main/java/io/prestosql/plugin/jdbc/JdbcSecurityConfig.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
% comment
4b60499
to
f660baf
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
|
||
public static SecuritySystem fromString(String value) | ||
{ | ||
return valueOf(value.toUpperCase(ENGLISH).replace("-", "_")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See first commit of airlift/airlift#880
Before the change, a user could not erase data easily, since we don't have DELETE support, and DROP TABLE was disabled. Thus the data was not secured against a malicious user, acting intentionally, but was protected against a careless or irrepressible user. I agree |
@findepi IMO the connector level default should be |
@findepi I agree with Will's assessment. Ranger is what the field is using - having multiple locations will confuse the issue and make things more complicated for us and the customer. |
152a9db
to
3857bd3
Compare
Remove the legacy
allow-drop-table
flag. This defaulted tofalse
, so this is a behavior change, but it was inconsistent since we didn't restrict any other operations. Users can enable security using https://trino.io/docs/current/security/built-in-system-access-control.html.