Skip to content

Disable deltaLake and hudi table functions in readonly mode#43316

Merged
alexey-milovidov merged 1 commit intomasterfrom
disable-delta-hudi-readonly
Nov 17, 2022
Merged

Disable deltaLake and hudi table functions in readonly mode#43316
alexey-milovidov merged 1 commit intomasterfrom
disable-delta-hudi-readonly

Conversation

@antonio2368
Copy link
Copy Markdown
Member

@antonio2368 antonio2368 commented Nov 17, 2022

Changelog category (leave one):

  • Improvement

Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):

Disable deltaLake and hudi table functions in readonly mode.

cc @SmitaRKulkarni tell me if I missed something

Information about CI checks: https://clickhouse.com/docs/en/development/continuous-integration/

@robot-ch-test-poll1 robot-ch-test-poll1 added the pr-improvement Pull request with some product improvements label Nov 17, 2022
@SmitaRKulkarni SmitaRKulkarni self-assigned this Nov 17, 2022
SmitaRKulkarni
SmitaRKulkarni approved these changes Nov 17, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@SmitaRKulkarni SmitaRKulkarni left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ucasfl
Copy link
Copy Markdown
Collaborator

ucasfl commented Nov 17, 2022

Hi, what does allow_readonly means?

@antonio2368
Copy link
Copy Markdown
Member Author

antonio2368 commented Nov 17, 2022

@ucasfl recently we enabled some table functions for readonly mode, previously all of them were disabled for security reasons.
deltaLake and hudi have network access so it's better if we disable them.
I tagged you just for informative reasons as the author of the original PR.

@alexey-milovidov alexey-milovidov merged commit 0d211ed into master Nov 17, 2022
@alexey-milovidov alexey-milovidov deleted the disable-delta-hudi-readonly branch November 17, 2022 18:27
@ucasfl
Copy link
Copy Markdown
Collaborator

ucasfl commented Nov 20, 2022

@ucasfl recently we enabled some table functions for readonly mode, previously all of them were disabled for security reasons. deltaLake and hudi have network access so it's better if we disable them. I tagged you just for informative reasons as the author of the original PR.

Why cluster is allow_readonly but remote is not?

@alexey-milovidov
Copy link
Copy Markdown
Member

alexey-milovidov commented Nov 20, 2022

It is determined by the possibility of making requests to arbitrary hostnames.

If users can make a request to an arbitrary hostname, they can get the info from the internal network or manipulate internal APIs (say - put some data into Memcached, which is available only in the corporate network). This is named "SSRF attack".

Or a user can use an open ClickHouse server to amplify DoS attacks.

@alexey-milovidov alexey-milovidov mentioned this pull request Nov 20, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexey-milovidov alexey-milovidov alexey-milovidov approved these changes

@SmitaRKulkarni SmitaRKulkarni SmitaRKulkarni approved these changes

Assignees

@SmitaRKulkarni SmitaRKulkarni

Labels

pr-improvement Pull request with some product improvements

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@antonio2368 @ucasfl @alexey-milovidov @SmitaRKulkarni @robot-ch-test-poll1