Github user andrewor14 commented on the pull request:

    https://github.com/apache/spark/pull/509#issuecomment-41212700
  
    What happens if the HistoryServer sets the `spark.ui.acls.*` options itself 
(e.g. through SPARK_HISTORY_OPTS)? The HistoryPage will not be accessible to 
the public, though the attached SparkUIs will be. This seems to me a good 
approximation of applying HistoryServer-wide restrictions for all of its 
attached SparkUIs, since the URL to each SparkUI is hard to guess.
    
    I think honoring each application's own security configs makes sense. This 
assumes that the logs are also secure, however, such that the attacker can't 
change the EnvironmentUpdate event to add themselves in the user ACL. We can 
ensure this on a higher level through HDFS permissions in SPARK-1557, as you 
suggest.

