Github user vanzin commented on the pull request:
https://github.com/apache/spark/pull/5377#issuecomment-93830340
A note about the last commit: I noticed while debugging that calling
`TransportServer.close()` doesn't close client connections that are still open.
That may or may not be a bug in practice, but it could lead to malicious
clients hogging resources in case the server process stays alive after the
server socket is closed.
That is something for a different change, though. One way to fix it could
be to have a timeout on the SASL negotiation: if the negotiation is successful
we trust the client, otherwise the timeout closes the door on malicious clients.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
