From c4bab785e93f436a2b39a16c32d33cc28e8de9d6 Mon Sep 17 00:00:00 2001 From: Jihoon Son Date: Wed, 10 Nov 2021 22:35:31 -0800 Subject: [PATCH] Remove stale warning for HTTP inputSource --- docs/ingestion/native-batch.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/ingestion/native-batch.md b/docs/ingestion/native-batch.md index 2059b631f66d..a0c3b11de7d0 100644 --- a/docs/ingestion/native-batch.md +++ b/docs/ingestion/native-batch.md @@ -1218,9 +1218,7 @@ in `druid.ingestion.hdfs.allowedProtocols`. See [HDFS input source security conf The HTTP input source is to support reading files directly from remote sites via HTTP. -> **NOTE:** Ingestion tasks run under the operating system account that runs the Druid processes, for example the Indexer, Middle Manager, and Peon. This means any user who can submit an ingestion task can specify an `HTTPInputSource` at any location where the Druid process has permissions. For example, using `HTTPInputSource`, a console user has access to internal network locations where the they would be denied access otherwise. - -> **WARNING:** `HTTPInputSource` is not limited to the HTTP or HTTPS protocols. It uses the Java `URI` class that supports HTTP, HTTPS, FTP, file, and jar protocols by default. This means you should never run Druid under the `root` account, because a user can use the file protocol to access any files on the local disk. +> **NOTE:** Ingestion tasks run under the operating system account that runs the Druid processes, for example the Indexer, Middle Manager, and Peon. This means any user who can submit an ingestion task can specify an `HTTPInputSource` at any location where the Druid process has permissions. For example, using `HTTPInputSource`, a console user has access to internal network locations where they would be denied access otherwise. For more information about security best practices, see [Security overview](../operations/security-overview.md#best-practices).