[ https://issues.apache.org/jira/browse/SPARK-3883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14174005#comment-14174005 ]

Marcelo Vanzin commented on SPARK-3883:
---------------------------------------

FYI, any PR here should make sure the default configuration is safe against the 
"POODLE" attack (https://access.redhat.com/security/cve/CVE-2014-3566). Here's 
something for Jetty:

http://stackoverflow.com/questions/26382540/how-to-disable-the-sslv3-protocol-in-jetty-to-prevent-poodle-attack

> Provide SSL support for Akka and HttpServer based connections
> -------------------------------------------------------------
>
>                 Key: SPARK-3883
>                 URL: https://issues.apache.org/jira/browse/SPARK-3883
>             Project: Spark
>          Issue Type: Improvement
>          Components: Spark Core
>            Reporter: Jacek Lewandowski
>
> Spark uses at least 4 logical communication channels:
> 1. Control messages - Akka based
> 2. JARs and other files - Jetty based (HttpServer)
> 3. Computation results - Java NIO based
> 4. Web UI - Jetty based
> The aim of this feature is to enable SSL for (1) and (2).
> Why:
> Spark configuration is sent through (1). Spark configuration may contain 
> sensitive information like credentials for accessing external data sources or 
> streams. Application JAR files (2) may include the application logic and 
> therefore they may include information about the structure of the external 
> data sources, and credentials as well. 
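
One way to enforce the default the comment above asks for, as an added example that is not part of the original message and is not Spark's or Jetty's code. It uses only the JDK's JSSE API; the class name, method names and the sample protocol list are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class PoodleSafeDefaults {
    // Protocols never left enabled by default. SSLv3 is the CVE-2014-3566 target;
    // dropping the SSLv2Hello hello format as well is an assumption of this example.
    static final Set<String> EXCLUDED = new HashSet<>(Arrays.asList("SSLv3", "SSLv2Hello"));

    /** Returns the entries of candidates that are not excluded, preserving order. */
    static String[] safeProtocols(String[] candidates) {
        List<String> keep = new ArrayList<>();
        for (String p : candidates) {
            if (!EXCLUDED.contains(p)) keep.add(p);
        }
        // Fail closed: refuse to start rather than fall back to an excluded protocol.
        if (keep.isEmpty()) {
            throw new IllegalStateException("no protocol left after excluding " + EXCLUDED);
        }
        return keep.toArray(new String[0]);
    }

    /** Creates a server-side engine whose enabled protocols exclude SSLv3. */
    static SSLEngine hardenedServerEngine(SSLContext ctx) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        // Filter the enabled list so nothing the JRE already disabled is switched back on.
        engine.setEnabledProtocols(safeProtocols(engine.getEnabledProtocols()));
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a protocol list as an older JRE might report it.
        String[] legacy = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
        System.out.println("legacy list filtered: " + Arrays.toString(safeProtocols(legacy)));

        SSLEngine engine = hardenedServerEngine(SSLContext.getDefault());
        List<String> enabled = Arrays.asList(engine.getEnabledProtocols());
        System.out.println("enabled on this JRE:  " + enabled);
        // Startup self-check: abort if the default configuration still offers SSLv3.
        if (enabled.contains("SSLv3")) throw new AssertionError("SSLv3 still enabled");
    }
}
```

For a Jetty connector the same exclusion is expressed on the factory itself with `SslContextFactory.addExcludeProtocols("SSLv3")`.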


