You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Marcelo Vanzin (JIRA)" <ji...@apache.org> on 2017/06/05 16:46:04 UTC
[jira] [Commented] (SPARK-20982) Consider adding SSL support for
Spark REST submission server and client
[ https://issues.apache.org/jira/browse/SPARK-20982?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16037195#comment-16037195 ]
Marcelo Vanzin commented on SPARK-20982:
----------------------------------------
Really not familiar with that stuff. But given that it uses Jetty most probably, I'm surprised it doesn't support ssl.
> Consider adding SSL support for Spark REST submission server and client
> -----------------------------------------------------------------------
>
> Key: SPARK-20982
> URL: https://issues.apache.org/jira/browse/SPARK-20982
> Project: Spark
> Issue Type: Improvement
> Components: Spark Submit
> Affects Versions: 2.2.0
> Reporter: Saisai Shao
> Priority: Minor
>
> Currently all the Spark's http connection is secured by SSL except REST submission client and server used in Standalone and Mesos cluster mode. This could potentially be a security hole when running in a fully secured environment. Though this REST client and server are not public, only used by {{SparkSubmit}} internally, since it opened a http connection, so user could still use it bypass {{SparkSubmit}}.
> So here proposed to SSL support for {{RestSubmissionClient}} and {{RestSubmissionServer}}.
> CC [~tgraves] [~vanzin], what's your opinion on this? Would be grateful to see your comments.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org