tgravescs commented on a change in pull request #23337: [SPARK-26019][PYSPARK]
Allow insecure py4j gateways
URL: https://github.com/apache/spark/pull/23337#discussion_r242551974
##########
File path:
core/src/main/scala/org/apache/spark/api/python/PythonGatewayServer.scala
##########
@@ -43,12 +43,17 @@ private[spark] object PythonGatewayServer extends Logging {
// with the same secret, in case the app needs callbacks from the JVM to
the underlying
// python processes.
val localhost = InetAddress.getLoopbackAddress()
- val gatewayServer: GatewayServer = new GatewayServer.GatewayServerBuilder()
- .authToken(secret)
+ val builder = new GatewayServer.GatewayServerBuilder()
.javaPort(0)
.javaAddress(localhost)
.callbackClient(GatewayServer.DEFAULT_PYTHON_PORT, localhost, secret)
- .build()
+ if (sys.env.getOrElse("_PYSPARK_INSECURE_GATEWAY", "0") != "1") {
+ builder.authToken(secret)
+ } else {
+ assert(sys.env.getOrElse("SPARK_TESTING", "0") == "1",
+ "Creating insecure Java gateways only allowed for testing")
Review comment:
seems a bit weird to say only allowed for testing when isn't this being
specifically added for Zeppelin for compatibility. I would put a bigger
warning here about running insecure might leave you vulnerable to attack
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
