Closed Fannon closed 2 weeks ago
zongqichen
commented
2 weeks ago Hi @Fannon, should we consider which environment we can stop filtering? For example, when env=production, we filter out, but in dev or local environment, we skip filter? Otherwise, is same as we remove it
Fannon
commented
2 weeks ago Hi @Fannon, should we consider which environment we can stop filtering? For example, when
env=production, we filter out, but in dev or local environment, we skip filter? Otherwise, is same as we remove it
No, I think this should depend on whether the security / auth for ORD metadata is given. If there is just "open" access, we can only expose public metadata.
Only once we support protected metadata access, we can really expose internal / private - otherwise we would have a security issue.
zongqichen
commented
2 weeks ago Hi @Fannon, should we consider which environment we can stop filtering? For example, when
env=production, we filter out, but in dev or local environment, we skip filter? Otherwise, is same as we remove itNo, I think this should depend on whether the security / auth for ORD metadata is given. If there is just "open" access, we can only expose public metadata.
Only once we support protected metadata access, we can really expose internal / private - otherwise we would have a security issue.
Based on the docs:
"internal": Resources are accessible to other applications within the same organization.The current implementation will not distinguish internal and private, they will be filtered out at all. Is that correct?
Fannon
commented
2 weeks ago @zongqichen : Yes, internal and private both needs to be protected, so you filter both of them out.
So far this plugin does not support protection of the metadata. To prevent accidental leaking of internal information, we should filter out metadata that has
visibility: internalorvisibility: private.We should also add a disclaimer to the plugin that by installing, the metadata will be openly accessible and that protection of the metadata is not yet supported, but planned.