Open Yicong-Huang opened 3 years ago
Discussion 01/13/2021: @Yicong-Huang will fix it some time. Could be assigned to ugrad.
~Appears to have been solved by #1251~
Edit: logged-in users can only access files through UserFileUtils, which has a permissions mechanism.
Sessions without a userID can still choose any path?
Discussion 2022.05.12: We leave this open.
Discussion 2022.12.07: To be confirmed and closed by @Yicong-Huang and @zuozhiw.
With the change of #1688, users can now input file paths manually on the UI. So the security issue remains valid.
Containers will solve this issue.
The current File Source operator can access any path that the user specifies. This is a potential security issue. We should validate the path the user inputs and restrict a user to accessing only the files/paths that belong to him/her.
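An added example, not code from this issue or from the project, of the path validation the issue asks for: canonicalize the requested path and accept it only if it stays inside the requesting user's directory. The class and method names and the one-directory-per-user layout are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.Optional;

// Hypothetical helper; names and storage layout are assumptions, not the project's API.
public final class UserPathValidator {
    private final Path storageRoot; // assumed layout: <storageRoot>/<userId>/...

    public UserPathValidator(Path storageRoot) throws IOException {
        // Canonicalize the root once so later comparisons use real paths.
        this.storageRoot = storageRoot.toRealPath();
    }

    /** Returns the canonical file path if it lies inside the user's directory, else empty. */
    public Optional<Path> resolveForUser(Integer userId, String requested) {
        if (userId == null || requested == null || requested.isEmpty()) {
            return Optional.empty(); // sessions without a user id get no file access
        }
        try {
            Path userDir = storageRoot.resolve(String.valueOf(userId)).toRealPath();
            // resolve() returns an absolute `requested` unchanged, so the
            // containment check below is what actually enforces the boundary.
            // toRealPath() collapses ".." and follows symbolic links.
            Path candidate = userDir.resolve(requested).toRealPath();
            boolean allowed = candidate.startsWith(userDir) && Files.isRegularFile(candidate);
            return allowed ? Optional.of(candidate) : Optional.empty();
        } catch (IOException | InvalidPathException e) {
            return Optional.empty(); // missing file, invalid characters, broken link
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout in a temporary directory.
        Path root = Files.createTempDirectory("storage");
        Files.createDirectories(root.resolve("1"));
        Files.createDirectories(root.resolve("2"));
        Files.writeString(root.resolve("1").resolve("data.csv"), "a,b\n");
        Path other = Files.writeString(root.resolve("2").resolve("secret.csv"), "x,y\n");
        UserPathValidator v = new UserPathValidator(root);
        System.out.println("own file:      " + v.resolveForUser(1, "data.csv").isPresent());
        System.out.println("dot-dot:       " + v.resolveForUser(1, "../2/secret.csv").isPresent());
        System.out.println("absolute path: " + v.resolveForUser(1, other.toString()).isPresent());
        System.out.println("no user id:    " + v.resolveForUser(null, "data.csv").isPresent());
    }
}
```

Comparing canonical paths rather than raw strings is what stops `..` segments, absolute paths and symbolic links from reaching another user's files.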