Disable deltaLake and hudi table functions in readonly mode #43316
alexey-milovidov merged 1 commit into master
Hi, what does

@ucasfl recently we enabled some table functions for readonly mode, previously all of them were disabled for security reasons.

Why

It is determined by the possibility of making requests to arbitrary hostnames. If users can make a request to an arbitrary hostname, they can get the info from the internal network or manipulate internal APIs (say - put some data into Memcached, which is available only in the corporate network). This is named "SSRF attack". Or a user can use an open ClickHouse server to amplify DoS attacks.

Changelog category (leave one):
Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):
Disable deltaLake and hudi table functions in readonly mode.

cc @SmitaRKulkarni tell me if I missed something