On Wed, Oct 20, 2021 at 12:03:46PM -0700, dai.ngo@xxxxxxxxxx wrote: > > On 10/20/21 9:33 AM, Olga Kornievskaia wrote: > >On Wed, Oct 20, 2021 at 12:00 PM Chuck Lever III <chuck.lever@xxxxxxxxxx> wrote: > >>>2. Security question: with server-to-server copy enabled, you can send > >>>the server a COPY call with any random address, and the server will > >>>mount that address, open a file, and read from it. Is that safe? > > The client already has write access to the share on the destination > server, it can write any data to the destination file. Agreed. Please look back at what I said; I'm not thinking about attacks on the source server, I'm thinking about attacks on the destination (the one that receives the COPY). --b.