You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Apache Spark (JIRA)" <ji...@apache.org> on 2018/01/05 17:35:00 UTC
[jira] [Assigned] (SPARK-16501) spark.mesos.secret exposed on UI
and command line
[ https://issues.apache.org/jira/browse/SPARK-16501?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Apache Spark reassigned SPARK-16501:
------------------------------------
Assignee: Apache Spark
> spark.mesos.secret exposed on UI and command line
> -------------------------------------------------
>
> Key: SPARK-16501
> URL: https://issues.apache.org/jira/browse/SPARK-16501
> Project: Spark
> Issue Type: Improvement
> Components: Spark Submit, Web UI
> Affects Versions: 1.6.2
> Reporter: Eric Daniel
> Assignee: Apache Spark
> Labels: security
>
> There are two related problems with spark.mesos.secret:
> 1) The web UI shows its value in the "environment" tab
> 2) Passing it as a command-line option to spark-submit (or creating a SparkContext from python, with the effect of launching spark-submit) exposes it to "ps"
> I'll be happy to submit a patch but I could use some advice first.
> The first problem is easy enough, just don't show that value in the UI
> For the second problem, I'm not sure what the best solution is. A "spark.mesos.secret-file" parameter would let the user store the secret in a non-world-readable file. Alternatively, the mesos secret could be obtained from the environment, which other users don't have access to. Either solution would work in client mode, but I don't know if they're workable in cluster mode.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org