Hi,

Thanks for sharing your thought. Are there any other
thoughts?


Thanks,
-- 
kou


In <62c41c00-a5ad-4f1f-942b-54ffaa43b...@python.org>
  "Re: [DISCUSS][C++] Should we disallow storage account key in Azure file 
system URL?" on Thu, 12 Sep 2024 10:40:10 +0200,
  Antoine Pitrou <anto...@python.org> wrote:

> 
> Hi,
> 
> I sympathize with the security argument. If no other library allows
> for embedding the Azure password directly in the URL, then I would be
> ok for deprecating it.
> 
> Regards
> 
> Antoine.
> 
> 
> Le 10/09/2024 à 03:24, Sutou Kouhei a écrit :
>> Hi,
>> The current Azure file system URI accepts account key as
>> "password" field:
>> https://github.com/apache/arrow/blob/f3dd298bd32f6dc38654680c49b3f1fbf97e3d5f/cpp/src/arrow/filesystem/azurefs.h#L147-L152
>> Should we disallow it?
>> (I don't have a strong opinion for this.)
>> Related issue: https://github.com/apache/arrow/issues/43197
>> It focus on compatibility with products that support Azure
>> Blob File System URL mainly. But it also focus on security.
>> Random notes:
>> * The account key ("password" field) isn't used in URL of
>>    real API calls. It's just used to build related objects of
>>    Azure SDK for C++.
>> * The URI specification (RFC 3986) deprecates
>>    the "user:password" format:
>>    https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.1
>> Thanks,

Reply via email to