[FEATURE] Add option to disallow catalog views #534
Labels
enhancement
New feature or request
Comments
|
do u mean glue catalog view? |
|
Yes glue catalog view can potentially have injected code. |
|
per doc https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-glue-views.html. How can we determine if a query references a view in Glue? One approach is through the analyzer, which retrieves metadata from Glue, potentially including information about views. However, the challenge lies in how the spark extension can interpret the analyzer's behavior and prevent access to views. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Catalog views cannot be trusted because they can inject custom code. To work with secure environments, an option should exist to disallow this SQL injection technique.
The text was updated successfully, but these errors were encountered: