Hi, The current Azure file system URI accepts account key as "password" field:
https://github.com/apache/arrow/blob/f3dd298bd32f6dc38654680c49b3f1fbf97e3d5f/cpp/src/arrow/filesystem/azurefs.h#L147-L152 Should we disallow it? (I don't have a strong opinion for this.) Related issue: https://github.com/apache/arrow/issues/43197 It focus on compatibility with products that support Azure Blob File System URL mainly. But it also focus on security. Random notes: * The account key ("password" field) isn't used in URL of real API calls. It's just used to build related objects of Azure SDK for C++. * The URI specification (RFC 3986) deprecates the "user:password" format: https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.1 Thanks, -- kou
