[
https://issues.apache.org/jira/browse/SPARK-6907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14550808#comment-14550808
]
Steve Loughran commented on SPARK-6907:
---------------------------------------
Having just looked at this code, I'm a bit worried about the implications of
the dynamic JAR download.
# what happens if the first attempt to use the client takes place while the
caller is off the internet (i.e. an isolated cluster)?
# when Ivy pulls down JARs over HTTP, it checks the MD5 sums from the same
server. It's not secure, merely verifies that the SHA1 and JAR is tampered with
consistently.
Maybe I've misunderstood something —if I haven't this strikes me as insecure
> Create an isolated classloader for the Hive Client.
> ---------------------------------------------------
>
> Key: SPARK-6907
> URL: https://issues.apache.org/jira/browse/SPARK-6907
> Project: Spark
> Issue Type: Sub-task
> Components: SQL
> Reporter: Michael Armbrust
> Assignee: Michael Armbrust
> Fix For: 1.4.0
>
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
