[ https://issues.apache.org/jira/browse/SPARK-6907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14550808#comment-14550808 ]
Steve Loughran commented on SPARK-6907: --------------------------------------- Having just looked at this code, I'm a bit worried about the implications of the dynamic JAR download. # what happens if the first attempt to use the client takes place while the caller is off the internet (i.e. an isolated cluster)? # when Ivy pulls down JARs over HTTP, it checks the MD5 sums from the same server. It's not secure, merely verifies that the SHA1 and JAR is tampered with consistently. Maybe I've misunderstood something —if I haven't this strikes me as insecure > Create an isolated classloader for the Hive Client. > --------------------------------------------------- > > Key: SPARK-6907 > URL: https://issues.apache.org/jira/browse/SPARK-6907 > Project: Spark > Issue Type: Sub-task > Components: SQL > Reporter: Michael Armbrust > Assignee: Michael Armbrust > Fix For: 1.4.0 > > -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org