Hi, There is no thought that we should keep this feature. Let's remove this feature.
Thanks, -- kou In <20240917.145006.2055633320145985675....@clear-code.com> "Re: [DISCUSS][C++] Should we disallow storage account key in Azure file system URL?" on Tue, 17 Sep 2024 14:50:06 +0900 (JST), Sutou Kouhei <k...@clear-code.com> wrote: > Hi, > > Thanks for sharing your thought. Are there any other > thoughts? > > > Thanks, > -- > kou > > > In <62c41c00-a5ad-4f1f-942b-54ffaa43b...@python.org> > "Re: [DISCUSS][C++] Should we disallow storage account key in Azure file > system URL?" on Thu, 12 Sep 2024 10:40:10 +0200, > Antoine Pitrou <anto...@python.org> wrote: > >> >> Hi, >> >> I sympathize with the security argument. If no other library allows >> for embedding the Azure password directly in the URL, then I would be >> ok for deprecating it. >> >> Regards >> >> Antoine. >> >> >> Le 10/09/2024 à 03:24, Sutou Kouhei a écrit : >>> Hi, >>> The current Azure file system URI accepts account key as >>> "password" field: >>> https://github.com/apache/arrow/blob/f3dd298bd32f6dc38654680c49b3f1fbf97e3d5f/cpp/src/arrow/filesystem/azurefs.h#L147-L152 >>> Should we disallow it? >>> (I don't have a strong opinion for this.) >>> Related issue: https://github.com/apache/arrow/issues/43197 >>> It focus on compatibility with products that support Azure >>> Blob File System URL mainly. But it also focus on security. >>> Random notes: >>> * The account key ("password" field) isn't used in URL of >>> real API calls. It's just used to build related objects of >>> Azure SDK for C++. >>> * The URI specification (RFC 3986) deprecates >>> the "user:password" format: >>> https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.1 >>> Thanks,
