HyukjinKwon commented on a change in pull request #23337:
[SPARK-26019][PYSPARK] Allow insecure py4j gateways
URL: https://github.com/apache/spark/pull/23337#discussion_r244906124
##########
File path: python/pyspark/context.py
##########
@@ -112,6 +112,20 @@ def __init__(self, master=None, appName=None,
sparkHome=None, pyFiles=None,
ValueError:...
"""
self._callsite = first_spark_call() or CallSite(None, None, None)
+ if gateway is not None and gateway.gateway_parameters.auth_token is
None:
+ allow_insecure_env =
os.environ.get("PYSPARK_ALLOW_INSECURE_GATEWAY", "0")
+ if allow_insecure_env == "1" or allow_insecure_env.lower() ==
"true":
+ warnings.warn(
+ "You are passing in an insecure Py4j gateway. This "
+ "presents a security risk, and will be completely
forbidden in Spark 3.0")
+ else:
+ raise ValueError(
+ "You are trying to pass an insecure Py4j gateway to Spark.
This"
+ " presents a security risk. If you are sure you
understand and accept this"
+ " risk, you can set the environment variable"
+ " 'PYSPARK_ALLOW_INSECURE_GATEWAY=1', but"
+ " note this option will be removed in Spark 3.0")
Review comment:
+1. Honestly, I still think insecure is a misusage of Spark and It should be
removed. I'm going to merge this as an effort to help upgrading Spark easier in
other projects like Zeppelin.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
