Github user tgravescs commented on the issue:
https://github.com/apache/spark/pull/21158
I disagree on this. I find it a regression that you blocked url's and user
names in the first place. Showing these things have been a feature in spark
for a long time. The only security issue here is with jdbc driver, block that
instance. Are there any other places spark itself prints or uses a url with a
password? If so we should fix those.
If not then it would be specified in a user config and if they are doing
that, they should change the config to add it to be redacted. I think the
current behavior is purely worse from a user perspective. There are so many
urls that have no security implications and us blocking them by default I think
is wrong.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
